Kacper

159 exploits Active since Dec 2003
CVE-2008-2013 EXPLOITDB text WORKING POC
pnflashgames 1.5-2.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.
CVE-2008-2012 EXPLOITDB text WORKING POC
PostNuke PostSchedule 1.0 - SQL Injection
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
CVE-2006-5733 EXPLOITDB php WORKING POC
PostNuke < 0.763 - Directory Traversal and Arbitrary File Execution via PNSVlang Cookie
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2006-5165 EXPLOITDB php WORKING POC
Skrypty PPA Gallery < 1.0 - Remote File Inclusion via config[ppa_root_path] Parameter
PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.
CVE-2006-4944 EXPLOITDB perl WORKING POC
ProgSys < 0.151 - Remote Code Execution via phpdns_basedir Parameter
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
CVE-2006-4204 EXPLOITDB text WRITEUP
phprojekt < 5.1 - Remote Code Execution via path_pre or lib_path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php.
EIP-2026-111177 EXPLOITDB text WRITEUP
phpOnDirectory 1.0 - Remote File Inclusion
CVE-2006-5665 EXPLOITDB php WORKING POC
Spider Friendly < 1.3.10 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4636 EXPLOITDB php WORKING POC
SZEWO PhpCommander <3.0 - Path Traversal
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
CVE-2006-4458 EXPLOITDB php WORKING POC
phpGroupWare 0.9.16.010 - Directory Traversal via Country Parameter
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
CVE-2006-4631 EXPLOITDB php WORKING POC
SoftBB < 0.1 - Authenticated Direct Static Code Injection via cache_forum Parameter
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
CVE-2006-6613 EXPLOITDB php WORKING POC
phpAlbum <0.4.1 Beta 6 - Path Traversal
Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
EIP-2026-110969 EXPLOITDB text WRITEUP
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
CVE-2007-0370 EXPLOITDB php WORKING POC
phpBP RC3 (2.204) and earlier - Unauthenticated Arbitrary PHP Code Execution via Banner Upload
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.
EIP-2026-111013 EXPLOITDB text WORKING POC
phpCodeGenie 3.0.2 - 'BEAUT_PATH' Remote File Inclusion
CVE-2007-4313 EXPLOITDB text WRITEUP
Php Blue Dragon CMS 3.0.0 - Remote File Inclusion via vsDragonRootPath Parameter
PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.
CVE-2007-4312 EXPLOITDB php WORKING POC
Php Blue Dragon CMS 3.0.0 - SQL Injection
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
CVE-2007-2320 EXPLOITDB php WORKING POC
papoo < 3.02 - SQL Injection via kontakt.php menuid Parameter
SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478.
EIP-2026-110590 EXPLOITDB php WORKING POC
pHNews alpha 1 - 'templates_dir' Remote Code Execution
CVE-2006-4912 EXPLOITDB python WORKING POC
php_docwriter < 0.3 - Remote File Inclusion via Script Parameter
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
EIP-2026-110746 EXPLOITDB php WORKING POC
PHP Proxima 6 - completepack Remote Code Execution
CVE-2006-4420 EXPLOITDB php WORKING POC
Phaos 0.9.2 - Directory Traversal via Lang Parameter
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
CVE-2006-4531 EXPLOITDB perl WORKING POC
Pheap CMS < 1.1 - Remote File Inclusion via lpref Parameter
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
CVE-2006-4962 EXPLOITDB php WORKING POC
Php Blue Dragon <2.9.1 - Path Traversal
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
CVE-2006-1209 EXPLOITDB php WORKING POC
PHP Advanced Transfer Manager <1.31 - Info Disclosure
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.