R@1D3N - Security Researcher - Exploit Intelligence Platform

EIP-2026-109653 EXPLOITDB text WRITEUP

MusicBox 3.7 - Multiple Vulnerabilities

View Code

CVE-2006-2051 EXPLOITDB text WRITEUP

NextAge Shopping Cart - Stored Cross-Site Scripting via Username and Password Parameters

Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.

View Code

CVE-2006-2121 EXPLOITDB php WORKING POC

i-rater Platinum - Remote File Inclusion via include_path Parameter

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.

View Code

CVE-2006-2241 EXPLOITDB text WRITEUP

Fast Click SQL Lite <= 1.1.3 - Remote File Inclusion via show.php path Parameter

PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175.

View Code

CVE-2006-2175 EXPLOITDB perl WORKING POC

FtrainSoft Fast Click <= 2.3.8 - Remote File Inclusion via Path Parameter

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

View Code

CVE-2006-3069 EXPLOITDB text WRITEUP

DoubleSpeak 0.1 - Remote File Inclusion via config[private] Parameter

PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used

View Code

CVE-2006-2122 EXPLOITDB php WORKING POC

CoolMenus - Remote File Inclusion via Page Parameter

PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.

View Code