THUNDER

CVE-2008-4141 EXPLOITDB text WORKING POC

x10media .x10_automatic_mp3_script 1.5.5 - Remote File Inclusion via web_root Parameter

Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

View Code

CVE-2008-6960 EXPLOITDB text WORKING POC

x10 Automatic Mp3 Search Engine Script 1.5.5-1.6 - Unauthenticated Arbitrary File Read via Encoded URL Parameter

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

View Code

EIP-2026-114402 EXPLOITDB text WORKING POC

X10media Mp3 Search Engine < 1.6.2 - Admin Access

View Code

CVE-2005-0116 EXPLOITDB c WORKING POC

awstats < 6.3 - Remote Code Execution via configdir Parameter

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

View Code