Kacper (a.k.a. Rahim)

112 exploits, active since Mar 2006
CVE-2006-5257 EXPLOITDB perl WORKING POC
Ciamos CMS < 0.9.6b - Remote File Inclusion via module_cache_path Parameter
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
CVE-2006-2863 EXPLOITDB text WORKING POC
CS-Cart 1.3.3 - Remote File Inclusion via classes_dir Parameter
PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
EIP-2026-106145 EXPLOITDB text WRITEUP
Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities
CVE-2006-4897 EXPLOITDB text WORKING POC
CMtextS <= 1.0 - Unauthenticated Administrator Password Exposure via Insecure Web Root File
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
CVE-2006-7068 EXPLOITDB text WORKING POC
CliServ Web Community <= 0.65 - Remote File Inclusion via cl_headers Parameter
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
CVE-2006-4536 EXPLOITDB php WORKING POC
CMS Frogss <= 0.4 - SQL Injection via podpis Parameter
SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
CVE-2006-5167 EXPLOITDB php WORKING POC
BasiliX < 1.1.1 - Remote File Inclusion via BSX_LIBDIR or BSX_HTXDIR Parameter
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
CVE-2006-2864 EXPLOITDB text WORKING POC
BlueShoes Framework < 4.6 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.
CVE-2006-4721 EXPLOITDB php WORKING POC
CCleague Pro Sports CMS 1.0.1 RC1 - Path Traversal
Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
CVE-2006-5531 EXPLOITDB php WORKING POC
ascended_guestbook < 1.0.0 - Remote File Inclusion via CONFIG[path] Parameter
PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.
CVE-2006-4426 EXPLOITDB perl WORKING POC
Albert-EasySite < 1.0a5 - Remote File Inclusion via PSA_PATH Parameter
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
CVE-2006-2996 EXPLOITDB text WORKING POC
LoveCompass aePartner - Remote File Inclusion via dir[data] Parameter
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter.