Kw3[R]Ln

45 exploits Active since Jun 2006
CVE-2006-3340 EXPLOITDB text WORKING POC
Pearl For Mambo 1.6 - Remote File Inclusion via phpbb_root_path and GlobalSettings[templatesDirectory] Parameters
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.
CVE-2006-3266 EXPLOITDB text WRITEUP
Bee-hive Lite < 1.2 - Remote File Inclusion via Multiple PHP Parameters
Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.
CVE-2006-6635 EXPLOITDB perl WORKING POC
JumbaCMS 0.0.1 - Remote File Inclusion via jcms_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
CVE-2007-3325 EXPLOITDB perl WORKING POC
LAN Management System < 1.6.9 - Remote File Inclusion via _LIB_DIR Parameter
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
CVE-2006-6632 EXPLOITDB text WRITEUP
Genepi <1.6 - Remote Code Execution
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
CVE-2006-7024 EXPLOITDB text WORKING POC
Harpia CMS < 1.0.5 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
CVE-2006-6225 EXPLOITDB text WRITEUP
GeekLog 1.4 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
CVE-2007-4008 EXPLOITDB perl WORKING POC
Entertainment Media Sharing CMS - Path Traversal
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
CVE-2007-3697 EXPLOITDB python WORKING POC
FlashBB < 1.1.5 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
CVE-2006-5555 EXPLOITDB perl WORKING POC
EPNadmin 0.7 and 0.7.1 - Remote File Inclusion via Langage Parameter
PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.
CVE-2006-5400 EXPLOITDB text WRITEUP
CyberBrau 0.9.4 - Remote File Inclusion via Forum Track Path Parameter
PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-5910 EXPLOITDB text WORKING POC
Campware Campsite - Remote File Inclusion via g_documentRoot Parameter
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.
CVE-2006-6976 EXPLOITDB text WRITEUP
CentiPaid < 1.4.2 - Remote Code Execution via absolute_path Parameter
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.
CVE-2006-5480 EXPLOITDB python WORKING POC
Castor PHP Web Builder 1.1.1 - Remote Code Execution via rootpath Parameter
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
EIP-2026-105439 EXPLOITDB text WRITEUP
Bee-hive 1.2 - Multiple Remote File Inclusions
CVE-2006-4913 EXPLOITDB perl WORKING POC
AlstraSoft E-friends 4.85 - Path Traversal
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
CVE-2006-3193 EXPLOITDB text WRITEUP
Grayscale BandSite CMS 1.1.1 - Remote Code Execution via root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
CVE-2007-3563 EXPLOITDB text WORKING POC
AV Arcade 2.1b - SQL Injection via id Parameter
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.
CVE-2006-5401 EXPLOITDB text WRITEUP
AROUNDMe < 0.5.2 - Remote File Inclusion via templatePath Parameter
PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter.
CVE-2006-5505 EXPLOITDB perl WORKING POC
2BGal 3.0 - Remote PHP File Inclusion via Lang Parameter
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.