Rizgar

9 exploits Active since Aug 2007
CVE-2007-4329 EXPLOITDB text WORKING POC
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
CVE-2007-4329 EXPLOITDB text WORKING POC
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
CVE-2007-4329 EXPLOITDB text WORKING POC
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
CVE-2007-4330 EXPLOITDB text WORKING POC
Shoutbox 1.0 - Remote File Inclusion via Root Parameter
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2007-4314 EXPLOITDB text WORKING POC
Pixlie 1.7 - Denial of Service via Remote Directory Tree Processing
pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.
CVE-2007-4325 EXPLOITDB text WORKING POC
Gaestebuch 1.5 - Remote File Inclusion via config[root_ordner] Parameter
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2007-4327 EXPLOITDB text WORKING POC
File Uploader 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.
CVE-2007-4327 EXPLOITDB text WORKING POC
File Uploader 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.
CVE-2007-4328 EXPLOITDB text WORKING POC
Mapos Bilder Galerie - Remote Code Execution via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.