O.U.T.L.A.W

9 exploits Active since May 2006
CVE-2006-4157 EXPLOITDB text WRITEUP
Yabb - XSS
Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.
CVE-2006-2174 EXPLOITDB text WRITEUP
Virtual Hosting Control System - XSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
CVE-2006-4198 EXPLOITDB text WRITEUP
Wheatblog <1.1 - RCE
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.
CVE-2006-4322 EXPLOITDB text WRITEUP
Mambo - Com_Estateagent - RCE
PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EIP-2026-109285 EXPLOITDB text WRITEUP
Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Remote File Inclusion
EIP-2026-109290 EXPLOITDB text WRITEUP
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusions
CVE-2006-2121 EXPLOITDB php WORKING POC
I-RATER Platinum - RCE
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
CVE-2006-4240 EXPLOITDB perl WORKING POC
Fusion News 3.7 - RCE
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2006-2138 EXPLOITDB text WORKING POC
Neomail - XSS
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.