Kacper

159 exploits Active since Dec 2003
CVE-2006-4604 EXPLOITDB perl WORKING POC
Lanifex Database of Managed Objects < 2.3_beta - Remote File Inclusion via _incMgr Parameter
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
CVE-2006-5189 EXPLOITDB perl WORKING POC
Klinza Professional CMS <5.0.1 - RCE
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
CVE-2007-0337 EXPLOITDB php WORKING POC
KGB < 1.9 - Directory Traversal and Arbitrary File Execution via skinnn Parameter
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.
CVE-2006-5115 EXPLOITDB php WORKING POC
KGB 1.87 - Remote File Inclusion via Engine Parameter
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
CVE-2007-5974 EXPLOITDB text WORKING POC
JPortal 2 - SQL Injection via Mailer to Parameter
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
CVE-2008-5199 EXPLOITDB text WORKING POC
PHPOutsourcing IdeaBox 1.1 - Remote Code Execution via gorumDir Parameter
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
CVE-2006-5511 EXPLOITDB php WORKING POC
JaxUltraBB 2.0 - Remote Code Execution via delete.php contents parameter
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
CVE-2008-1609 EXPLOITDB perl WORKING POC
jaf_cms 4.0 RC2 - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
EIP-2026-108027 EXPLOITDB php WORKING POC
iziContents RC6 - Remote Code Execution
CVE-2006-4237 EXPLOITDB text WORKING POC
Invisionix Roaming System <0.2 - RCE
PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter.
CVE-2006-4448 EXPLOITDB text WORKING POC
interact 2.2 - Remote File Inclusion via CONFIG[BASE_PATH] or CONFIG[LANGUAGE_CPATH] Parameter
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.
EIP-2026-107846 EXPLOITDB php WORKING POC
Innovate Portal 2.0 - 'acp.php' Remote Code Execution
CVE-2006-2818 EXPLOITDB text WORKING POC
Cameron McKay Informium 0.12.0 - RCE
PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter.
CVE-2006-5304 EXPLOITDB text WORKING POC
inccms_core < 1.0.0 - Remote File Inclusion via inc_dir Parameter
PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2007-0082 EXPLOITDB php WORKING POC
IMGallery <= 2.5 - Authenticated Arbitrary PHP File Upload via Multiple Extensions
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
CVE-2006-5554 EXPLOITDB php WORKING POC
Imageview < 5 - Directory Traversal via User Settings Cookie
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
CVE-2006-2819 EXPLOITDB text WORKING POC
barnraiser igloo < 0.1.9 - Remote File Inclusion via Wiki.php c_node[class_path] Parameter
PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.
CVE-2006-2730 EXPLOITDB text WORKING POC
Hot Open Tickets <11012004_ver2f - RCE
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVE-2007-0804 EXPLOITDB php WORKING POC
GGCMS 1.1.0 RC1 and earlier - Directory Traversal and Arbitrary PHP Code Injection via subpageName Parameter
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVE-2007-1553 EXPLOITDB html WORKING POC
Guestbara < 1.2 - Unauthenticated Admin Account Modification via Configuration Parameter Injection
admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.
EIP-2026-107518 EXPLOITDB html WORKING POC
Guesbara 1.2 - Administrator Password Change
CVE-2007-2935 EXPLOITDB php WORKING POC
Fundanemt <2.2.0.1 - Command Injection
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
CVE-2007-2299 EXPLOITDB php WORKING POC
frogss_cms < 0.7 - SQL Injection via dzial or t Parameter
Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.
CVE-2006-2998 EXPLOITDB text WORKING POC
QBoard <1.1 - Remote Code Execution
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
CVE-2006-5670 EXPLOITDB php WORKING POC
Free Image Hosting < 1.0 - Remote File Inclusion via AD_BODY_TEMP Parameter
PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.