Mehmet Ince

176 exploits Active since Dec 2002
CVE-2009-2634 EXPLOITDB text WORKING POC
Joomla! 1.5.3 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4242 EXPLOITDB text WORKING POC
Joomla/Mambo JIM 1.0.1 - Code Injection
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2099 EXPLOITDB perl WORKING POC
iJoomla RSS Feeder - SQL Injection
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2007-4128 EXPLOITDB text WORKING POC
Firestorm Technologies GMaps <1.00 - SQL Injection
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
CVE-2009-2637 EXPLOITDB text WORKING POC
Joomla! com_booklibrary <1.5.2.4 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5527 EXPLOITDB text WORKING POC
Intelimen InteliEditor <1.2.x - RCE
PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.
CVE-2007-5140 EXPLOITDB text WORKING POC
Integramod Nederland - Code Injection
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2021-21425 EXPLOITDB CRITICAL ruby WORKING POC
Getgrav Grav-plugin-admin < 1.10.8 - Improper Access Control
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Execution of particular methods results in arbitrary YAML file creation or changes to the content of existing YAML files on the system. Successful exploitation of this vulnerability results in configuration changes, such as changes to general site information, custom scheduler job definitions, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, hijack an administrator account, or execute operating system commands in the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
CVSS 9.3
CVE-2007-0662 EXPLOITDB text WORKING POC
Hailboards 1.2.0 - RCE
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7107 EXPLOITDB text WORKING POC
Coalescent Systems freePBX <2.1.3 - RCE
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
CVE-2006-5226 EXPLOITDB text WORKING POC
Prologin.fr Freenews <1.1 - RCE
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-5230 EXPLOITDB text WORKING POC
FreeForum <0.9.7 - RCE
PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2007-0580 EXPLOITDB perl WORKING POC
Foro Domus 2.10 - RCE
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
CVE-2007-0581 EXPLOITDB perl WORKING POC
EclipseBB 0.5.0 Lite - RCE
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-3683 EXPLOITDB text WRITEUP
Flipper Poll <1.1 - RCE
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-2940 EXPLOITDB text WRITEUP
FlaP 1.0b - RCE
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
CVE-2007-1105 EXPLOITDB perl WORKING POC
phpBB Extreme 3.0.1 - RCE
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6864 EXPLOITDB text WORKING POC
Enigma2 Coppermine Bridge 1.0 - RCE
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
CVE-2006-5623 EXPLOITDB text WORKING POC
EE Tool <0.4-1 - RCE
PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter.
EIP-2026-106334 EXPLOITDB text WORKING POC
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
EIP-2026-106592 EXPLOITDB ruby WORKING POC
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
CVE-2009-0445 EXPLOITDB php WORKING POC
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
CVE-2006-4075 EXPLOITDB text WORKING POC
Wim Fleischhauer docpile: wim's edition <0.2.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.
CVE-2007-1556 EXPLOITDB text WORKING POC
Thecreativeheads.de Creative Files - SQL Injection
SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.
CVE-2006-4850 EXPLOITDB text WORKING POC
BolinOS <4.5.5 - RCE
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.