Mahmood_ali

69 exploits Active since Jul 2005
CVE-2005-2246 EXPLOITDB text WORKING POC
iPhotoAlbum 1.1 - Remote File Inclusion via doc_path or set_menu Parameter
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.
CVE-2007-2298 EXPLOITDB text WRITEUP
Garennes < 0.6.1 - Remote File Inclusion via repertoire_config Parameter
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
CVE-2007-2609 EXPLOITDB text WRITEUP
gnu_edu 1.3b2 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
CVE-2007-1577 EXPLOITDB perl WORKING POC
GeBlog 0.1 - Directory Traversal and Remote Code Execution via GLOBALS[tplname] Parameter
Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
CVE-2007-2569 EXPLOITDB text WORKING POC
Friendly < 1.0d1 - Remote File Inclusion via friendly_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.
CVE-2007-0395 EXPLOITDB text WRITEUP
ComVironment 4.0 - Remote File Inclusion via inc_dir Parameter
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2007-1809 EXPLOITDB text WRITEUP
GraFX Company WebSite Builder PRO 1.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.
CVE-2007-1640 EXPLOITDB text WRITEUP
ClassWeb < 2.03 - Remote File Inclusion via BASE Parameter
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
CVE-2007-0500 EXPLOITDB text WORKING POC
Bradabra < 2.0.5 - Remote File Inclusion via include_path Parameter
PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-2611 EXPLOITDB text WRITEUP
CGX 20050314 - Remote File Inclusion via pathCGX Parameter
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.
CVE-2007-1930 EXPLOITDB text WORKING POC
cattadoc - Directory Traversal via download2.php fn1 Parameter
Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
CVE-2007-2364 EXPLOITDB text WRITEUP
burnCMS 0.2 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.
CVE-2007-1929 EXPLOITDB text WORKING POC
Beryo - Directory Traversal via Downloadpic.php Chemin Parameter
Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter.
CVE-2007-2301 EXPLOITDB text WRITEUP
arash audiocms 0.1.4 - Remote File Inclusion via arashlib_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.
EIP-2026-105127 EXPLOITDB perl WORKING POC
Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection
CVE-2006-5899 EXPLOITDB text WRITEUP
acid_stats 2.3 - Remote File Inclusion via install.php3 repertoire Parameter
PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack
CVE-2007-1219 EXPLOITDB text WRITEUP
Admin Phorum 3.3.1a - Code Injection
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-1621 EXPLOITDB perl WORKING POC
Active PHP Bookmark Notes <0.2.5 - RCE
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
CVE-2007-4256 EXPLOITDB text WORKING POC
YNP Portal System 2.2.0 - Path Traversal
Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.