MoHaNdKo

7 exploits Active since Oct 2006
CVE-2006-5431 EXPLOITDB text WORKING POC
Zorum < 3.5 - Remote File Inclusion via appDirName Parameter
PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter.
CVE-2006-5193 EXPLOITDB text WRITEUP
wikyblog <= 1.2.3 - Remote File Inclusion via includeDir Parameter
PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.
CVE-2007-2258 EXPLOITDB text WRITEUP
PHPMyBibli - Remote File Inclusion via base_path Parameter
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2006-5232 EXPLOITDB text WRITEUP
iSearch 2.16 - Remote File Inclusion via isearch_path Parameter
Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes
CVE-2006-5716 EXPLOITDB text WRITEUP
FreeNews 2.1 - Directory Traversal via chemin Parameter
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1."
EIP-2026-105885 EXPLOITDB text WRITEUP
Claroline 1.x - RootSys Remote File Inclusion
CVE-2007-2202 EXPLOITDB text WORKING POC
Accueil et Conseil en Visites et Sejours Web Services PHP5 1.0 - Remote File Inclusion via CheminInclude Parameter
PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.