Root3r_H3ll

23 exploits Active since Aug 2006
EIP-2026-114395 EXPLOITDB text WORKING POC
WWWThreads 5.4 - 'Cat' Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-5021 EXPLOITDB CRITICAL text WRITEUP
redblog 0.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS 9.8
CVE-2006-4366 EXPLOITDB text WORKING POC
RedBLoG 0.5 - Remote Code Execution
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5021 EXPLOITDB CRITICAL text WRITEUP
redblog 0.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS 9.8
CVE-2006-5021 EXPLOITDB CRITICAL text WRITEUP
redblog 0.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS 9.8
CVE-2006-5021 EXPLOITDB CRITICAL text WRITEUP
redblog 0.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS 9.8
EIP-2026-111257 EXPLOITDB text WRITEUP
PHP_news 2.0 - '/admin/news.php?language' Remote File Inclusion
EIP-2026-111259 EXPLOITDB text WRITEUP
PHP_news 2.0 - 'user_user.php?language' Remote File Inclusion
EIP-2026-111258 EXPLOITDB text WORKING POC
PHP_news 2.0 - 'creat_news_all.php?language' Remote File Inclusion
EIP-2026-111256 EXPLOITDB text WRITEUP
PHP_news 2.0 - '/admin/catagory.php?language' Remote File Inclusion
CVE-2006-5090 EXPLOITDB text WRITEUP
Phoenix Evolution CMS - Cross-Site Scripting via mod, action, or pageid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5090 EXPLOITDB text WRITEUP
Phoenix Evolution CMS - Cross-Site Scripting via mod, action, or pageid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
EIP-2026-109776 EXPLOITDB text WORKING POC
MyPhotos 0.1.3b - 'index.php' Remote File Inclusion
CVE-2006-5089 EXPLOITDB text WRITEUP
Jim Plush My-BIC 0.6.5 - Remote File Inclusion via mybic_server.php file Parameter
PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion
EIP-2026-109028 EXPLOITDB perl WORKING POC
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion
CVE-2006-5920 EXPLOITDB text WRITEUP
Yuuki Yoshizawa Exporia 0.3.0 - RCE
PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113
CVE-2006-5064 EXPLOITDB text WRITEUP
birdblog 1.4 - Cross-Site Scripting via entryid, page, or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5064 EXPLOITDB text WRITEUP
birdblog 1.4 - Cross-Site Scripting via entryid, page, or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5064 EXPLOITDB text WRITEUP
birdblog 1.4 - Cross-Site Scripting via entryid, page, or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5103 EXPLOITDB perl WORKING POC
bbsnew 2.0.1 - Remote File Inclusion via admin/index2.php right Parameter
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
CVE-2006-5076 EXPLOITDB perl WORKING POC
OpenConcept Back-End 0.4.5 - Remote File Inclusion via includes_path Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.
CVE-2006-5076 EXPLOITDB text WRITEUP
OpenConcept Back-End 0.4.5 - Remote File Inclusion via includes_path Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.
CVE-2006-5076 EXPLOITDB text WRITEUP
OpenConcept Back-End 0.4.5 - Remote File Inclusion via includes_path Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.