Philipp Niedziela

15 exploits, active since Aug 2006
CVE-2006-4055 EXPLOITDB WORKING POC
TSEP <0.942 - RCE
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
CVE-2006-3993 EXPLOITDB text WORKING POC
Olaf Noehring TSEP 0.942 - RCE
PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.
EIP-2026-114487 EXPLOITDB text WRITEUP
XT:Commerce < 3.04 SP2.1 - Cross-Site Scripting
CVE-2006-4209 EXPLOITDB text WORKING POC
WEBInsta Mailing List Manager 1.3e - RCE
PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
EIP-2026-113318 EXPLOITDB text WORKING POC
WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion
CVE-2006-4085 EXPLOITDB text WORKING POC
Olaf Noehring The Search Engine Project (TSEP) <0.942 - RCE
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4311 EXPLOITDB text WRITEUP
Sonium Enterprise Adressbook 0.2 - RCE
PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.
CVE-2006-4713 EXPLOITDB text WRITEUP
PSYWERKS PUMA 1.0 RC2 - RCE
PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2006-3984 EXPLOITDB text WORKING POC
Albasoftware Phpauction <2.1 - RCE
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
CVE-2006-4050 EXPLOITDB text WORKING POC
PHP AMA <3.2.4 - RCE
PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
CVE-2006-4059 EXPLOITDB text WORKING POC
USOLVED NEWSolved Lite <1.9.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
CVE-2006-3966 EXPLOITDB text WORKING POC
Carlos Sanchez Valle Mynewsgroups < 0.6b - Code Injection
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
CVE-2006-4596 EXPLOITDB text WRITEUP
MyBace Light Skrip - RCE
PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.
CVE-2006-4053 EXPLOITDB text WORKING POC
ME Download System 1.3 - RCE
PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.
CVE-2006-4077 EXPLOITDB text WORKING POC
Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1 - RCE
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.