RoMaNcYxHaCkEr

47 exploits Active since Oct 2006
CVE-2008-1903 EXPLOITDB text WORKING POC
Newanz NewsOffice 1.0 and 1.1 - Remote Code Execution via news_show.php newsoffice_directory Parameter
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2007-6653 EXPLOITDB text WORKING POC
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-0767 EXPLOITDB text WORKING POC
bookelves kipper 2.01 - Unauthenticated Credential Exposure via Direct Request
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
CVE-2007-6603 EXPLOITDB text WRITEUP
Hot or Not Clone - Unauthenticated Database Backup Disclosure via Direct Request
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.
CVE-2008-2220 EXPLOITDB text WORKING POC
Interact Learning Community Environment 2.4.1 - Remote Code Execution via CONFIG Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.
CVE-2007-6464 EXPLOITDB text WORKING POC
Form Tools 1.5.0b - Remote Code Execution via g_root_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
CVE-2009-3182 EXPLOITDB text WORKING POC
Anantasoft Gazelle CMS 1.0 - Unauthenticated Arbitrary File Upload via File Manager
Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.
CVE-2007-6325 EXPLOITDB text WORKING POC
Fastpublish CMS 1.9999 - Remote File Inclusion via config[fsBase] Parameter
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
CVE-2008-1773 EXPLOITDB text WORKING POC
Dragoon 0.1 - Remote Code Execution
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2007-6479 EXPLOITDB text WRITEUP
Dokeos 1.8.4 - Authenticated Arbitrary File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
CVE-2008-2128 EXPLOITDB text WRITEUP
CMS Faethon 2.2 Ultimate - Remote Code Execution via mainpath Parameter
PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.
CVE-2008-2228 EXPLOITDB text WORKING POC
Cyberfolio 7.12 - Remote Code Execution via rep Parameter
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
EIP-2026-106144 EXPLOITDB text WORKING POC
Content Management System for Phprojekt 0.6.1 - Remote File Inclusion
CVE-2008-2912 EXPLOITDB text WORKING POC
Contenido CMS 4.8.4 - Remote Code Execution via Multiple PHP File Inclusion Parameters
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380.
CVE-2007-6324 EXPLOITDB text WORKING POC
CityWriter 0.9.7 - Remote Code Execution via Path Parameter in head.php
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2008-3167 EXPLOITDB text WORKING POC
BoonEx Dolphin 6.1.2 - Remote Code Execution via dir[plugins] or sIncPath Parameter
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
CVE-2008-3166 EXPLOITDB text WORKING POC
BoonEx Ray 3.5 - Remote Code Execution via sIncPath Parameter
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
EIP-2026-105503 EXPLOITDB text WRITEUP
Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusions
CVE-2008-0091 EXPLOITDB text WORKING POC
agency4net WEBFTP 1 - Path Traversal and Arbitrary File Read/Delete via download2.php file Parameter
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-4203 EXPLOITDB text WRITEUP
Arab Portal 2.2 - SQL Injection via X-Forwarded-For or Client-IP Header
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
CVE-2009-0527 EXPLOITDB text WORKING POC
AdaptCMS Lite 1.4 - Remote Code Execution via RSS Importer Sitepath Parameter
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.