R@1D3N - Security Researcher - Exploit Intelligence Platform

EIP-2026-109653 EXPLOITDB text WRITEUP

MusicBox 3.7 - Multiple Vulnerabilities

View Code

CVE-2006-2051 EXPLOITDB text WRITEUP

Nextage Shopping Cart - XSS

Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.

View Code

CVE-2006-2121 EXPLOITDB php WORKING POC

I-RATER Platinum - RCE

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.

View Code

CVE-2006-2241 EXPLOITDB text WRITEUP

Fast Click SQL Lite <1.1.3 - RCE

PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175.

View Code

CVE-2006-2175 EXPLOITDB perl WORKING POC

FtrainSoft Fast Click <2.3.8 - RCE

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

View Code

CVE-2006-3069 EXPLOITDB text WRITEUP

DoubleSpeak 0.1 - RCE

PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used

View Code

CVE-2006-2122 EXPLOITDB php WORKING POC

Coolmenus - Code Injection

PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.

View Code