Kacper

159 exploits, active since Dec 2003
CVE-2006-5762 EXPLOITDB php WORKING POC
Free PHP Scripts Free File Hosting < 1.1 - Code Injection
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2006-2962 EXPLOITDB text WORKING POC
Empris <20020923 - RCE
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergencies Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
CVE-2006-2726 EXPLOITDB text WORKING POC
Fastpublish CMS 1.6.9.d - RCE
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php.
CVE-2007-0764 EXPLOITDB php WORKING POC
F3Site <2.1 - RCE
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via a GIF86 header in a file in the uplf parameter, which can later be accessed via a relative pathname in the dir parameter in adm.php.
EIP-2026-106981 EXPLOITDB php WORKING POC
extreme-fusion 4.02 - Remote Code Execution
EIP-2026-106980 EXPLOITDB php WORKING POC
eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion
CVE-2006-5292 EXPLOITDB text WORKING POC
Exhibit Engine <1.5 RC 4 - RCE
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-7183 EXPLOITDB text WRITEUP
Exhibit Engine <1.22 - RCE
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-6445 EXPLOITDB php WORKING POC
Envolution 1.1.0 - Path Traversal
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2006-2982 EXPLOITDB text WORKING POC
Enterprise Timesheet and Payroll Systems <1.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php.
EIP-2026-106489 EXPLOITDB text WORKING POC
DoceboLms 2.0.x/3.0.x / DoceboKms 3.0.3 / Docebo CMS 3.0.x - Multiple Remote File Inclusions
CVE-2006-5786 EXPLOITDB php WORKING POC
E107 - Path Traversal
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-6694 EXPLOITDB text WORKING POC
E-Uploader Pro <1.0 - RCE
Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
CVE-2006-4234 EXPLOITDB text WRITEUP
dotProject <2.0.4 - RCE
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
CVE-2006-2577 EXPLOITDB text WORKING POC
Docebo <3.0.3 - RCE
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7068 EXPLOITDB text WORKING POC
CliServ Web Community <0.65 - RCE
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
CVE-2006-2863 EXPLOITDB text WORKING POC
CS-Cart <1.3.3 - RCE
PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
CVE-2007-2890 EXPLOITDB php WORKING POC
cpCommerce <1.1.0 - SQL Injection
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
EIP-2026-106145 EXPLOITDB text WRITEUP
Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities
CVE-2006-4897 EXPLOITDB text WORKING POC
CMtextS <1.0 - Info Disclosure
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
CVE-2006-4536 EXPLOITDB php WORKING POC
Cms Frogss - SQL Injection
SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
CVE-2006-5257 EXPLOITDB perl WORKING POC
Ciamos CMS <0.9.6b - RCE
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
CVE-2009-1649 EXPLOITDB text WORKING POC
Bicluc Belive - Path Traversal
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.
CVE-2006-4721 EXPLOITDB php WORKING POC
CCleague Pro Sports CMS 1.0.1 RC1 - Path Traversal
Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
CVE-2006-2570 EXPLOITDB text WORKING POC
CaLogic Calendars 1.2.2 - RCE
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue.