Nima Salehi

23 exploits Active since Dec 2005
CVE-2006-5280 EXPLOITDB perl WORKING POC
Cuttlefish Multimedia Ltd. Leicesters... - Code Injection
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.
CVE-2005-3981 EXPLOITDB c WORKING POC
Microsoft Windows XP-2003 - Local Privilege Escalation
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE
CVE-2006-5305 EXPLOITDB perl WORKING POC
PHPBB <1.0.1 - RCE
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5309 EXPLOITDB perl WORKING POC
Prillian French <0.8.0 - RCE
PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110983 EXPLOITDB perl WORKING POC
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion
CVE-2006-5418 EXPLOITDB perl WORKING POC
Phpbb Searchindexer - Code Injection
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110984 EXPLOITDB perl WORKING POC
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
CVE-2006-5301 EXPLOITDB python WORKING POC
Phpbb Spamblockermod < 1.0.2 - Code Injection
PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5385 EXPLOITDB perl WORKING POC
SpamOborona <1.0b - RCE
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5263 EXPLOITDB perl WORKING POC
Phpmyagenda < 3.1_beta_1 - Path Traversal
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
CVE-2006-7168 EXPLOITDB perl WORKING POC
PHP <includes/not_mem.php - RCE
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6593 EXPLOITDB perl WORKING POC
AMAZONIA MOD - RCE
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7100 EXPLOITDB perl WORKING POC
Phpbb Insert User < 0.1.2 - Code Injection
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5306 EXPLOITDB python WORKING POC
Phpbb Journals System Module < 1.0.2_rc2 - Code Injection
Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php.
CVE-2006-5415 EXPLOITDB perl WORKING POC
News Defilante Horizontale <4.1.1 - RCE
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5387 EXPLOITDB perl WORKING POC
phpBB <20.272 - RCE
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5284 EXPLOITDB perl WORKING POC
Shen Cheng-Da PHP News Reader <2.6.4 - RCE
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
CVE-2006-7148 EXPLOITDB perl WORKING POC
PHPBB <206.2.38 - RCE
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
EIP-2026-106214 EXPLOITDB php WORKING POC
cPanel 5-10 - SUID Wrapper Privilege Escalation
EIP-2026-106208 EXPLOITDB php WORKING POC
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
CVE-2006-5739 EXPLOITDB perl WORKING POC
Leicestershire communityPortals 1.0 - RCE
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
CVE-2006-7146 EXPLOITDB perl WORKING POC
Cuttlefish Leicestershire Communityportals < 1.0 - Code Injection
PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions
CVE-2006-5311 EXPLOITDB perl WORKING POC
Buzlas 2006-1 Full - RCE
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.