Mehmet Ince

176 exploits Active since Dec 2002
CVE-2006-4746 EXPLOITDB text WORKING POC
Web Server Creator 0.1 - Remote File Inclusion via News Customize l Parameter
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2009-0446 EXPLOITDB php WORKING POC
WEBalbum 2.4b - SQL Injection via photo.php id Parameter
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1482 EXPLOITDB text WORKING POC
WBBlog - Cross-Site Scripting via e_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.
CVE-2006-4060 EXPLOITDB text WORKING POC
Visual Events Calendar 1.1 - Remote File Inclusion via cfg_dir Parameter
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
CVE-2006-5539 EXPLOITDB text WORKING POC
UeberProject Management System <1.0 - RCE
PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.
CVE-2006-4166 EXPLOITDB text WORKING POC
TinyWebGallery <= 1.5 - Remote File Inclusion via Image Parameter
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
EIP-2026-112790 EXPLOITDB ruby WORKING POC
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)
CVE-2017-11394 EXPLOITDB CRITICAL ruby WORKING POC
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php T Parameter
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVSS 9.8
CVE-2007-2937 EXPLOITDB text WRITEUP
TROforum 0.1 - Remote File Inclusion via site_url Parameter
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
CVE-2007-2774 EXPLOITDB text WRITEUP
SunLight CMS 5.3 - Remote File Inclusion via Root Parameter
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.
CVE-2007-3522 EXPLOITDB text WRITEUP
sPHPell 1.01 - Remote File Inclusion via SpellIncPath Parameter
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
CVE-2006-5636 EXPLOITDB text WORKING POC
Simple Website Software <0.99 - RCE
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
CVE-2006-6850 EXPLOITDB text WORKING POC
Shadowed Portal 5.7 - Remote File Inclusion via mod_root Parameter
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
EIP-2026-112050 EXPLOITDB python WORKING POC
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
CVE-2006-4012 EXPLOITDB text WORKING POC
circeOS SaveWeb Portal 3.4 - RCE
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
CVE-2007-2900 EXPLOITDB text WRITEUP
Scallywag 2005-04-25 - Remote Code Execution via Path Parameter in Template.php
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
CVE-2007-1641 EXPLOITDB perl WORKING POC
PortailPHP 2.0 - SQL Injection via idnews Parameter
SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.
CVE-2006-4498 EXPLOITDB text WORKING POC
PhpAlbum 2.15 - Remote File Inclusion via chemin Parameter
PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.
CVE-2007-2427 EXPLOITDB text WORKING POC
pnFlashGames 1.5 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-2674 EXPLOITDB text WORKING POC
Pre Shopping Mall 1.0 - SQL Injection
SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
CVE-2006-4373 EXPLOITDB text WORKING POC
pSlash 0.70 - Remote File Inclusion via lvc_include_dir Parameter
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
CVE-2006-2763 EXPLOITDB text WORKING POC
Pre News Manager 1.0 - SQL Injection via id or nid Parameter
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
CVE-2006-3922 EXPLOITDB text WORKING POC
PortailPHP < 1.7 - Remote File Inclusion via chemin Parameter
PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2007-2675 EXPLOITDB text WORKING POC
Pre Classifieds Listings 1.0 - SQL Injection
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-2098 EXPLOITDB text WRITEUP
phPortal 1.0 - SQL Injection via Topicler id Parameter
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.