ThE TiGeR

29 exploits, active since Mar 2007
CVE-2007-2817 EXPLOITDB WORKING POC
ol'bookmarks 0.7.4 - SQL Injection
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6518 EXPLOITDB WORKING POC
WoltLab Burning Board (wBB) Lite 1.0.2 pl3e - SQL Injection
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
CVE-2007-4807 EXPLOITDB text WORKING POC
Focus Sis - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
CVE-2007-4806 EXPLOITDB text WORKING POC
Focus Sis - Code Injection
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
CVE-2007-2816 EXPLOITDB text WORKING POC
ol'bookmarks 0.7.4 - RCE
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
CVE-2007-2596 EXPLOITDB text WORKING POC
aForum <1.32 - RCE
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
CVE-2006-7127 EXPLOITDB text WORKING POC
Salims Softhouse Jaf Cms - Code Injection
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
CVE-2007-2709 EXPLOITDB text WRITEUP
NagiosQL 2005 2.00 - RCE
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.
CVE-2007-2575 EXPLOITDB text WRITEUP
PHP watermark <0.4.1 - RCE
PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
CVE-2007-2943 EXPLOITDB text WRITEUP
Webavis 0.1.1 - RCE
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2007-2573 EXPLOITDB text WORKING POC
PHPtree 1.3 - RCE
PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.
CVE-2007-1778 EXPLOITDB text WORKING POC
Eve-Nuke <0.1 - Code Injection
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-4763 EXPLOITDB text WORKING POC
TIM Jackson Phpof < 20040226 - Code Injection
PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
CVE-2008-6409 EXPLOITDB text WORKING POC
Brian Wilson Ol'bookmarks - SQL Injection
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
CVE-2007-2710 EXPLOITDB text WRITEUP
NagiosQL <2.00-P00 - RCE
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2608 EXPLOITDB text WORKING POC
Miplex2 Alpha 1 - RCE
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
CVE-2007-2706 EXPLOITDB text WORKING POC
Media Gallery <1.4.8a - RCE
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
CVE-2007-2939 EXPLOITDB text WORKING POC
Mazen's PHP Chat 3.0.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
CVE-2007-2707 EXPLOITDB text WRITEUP
Linksnet Newsfeed 1.0 - RCE
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.
CVE-2008-1609 EXPLOITDB text WORKING POC
JAF CMS 4.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
CVE-2007-4942 EXPLOITDB text WORKING POC
Focus-sis Focus Sis - Code Injection
PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown.
CVE-2007-2204 EXPLOITDB text WORKING POC
GPL PHP Board unstable-2001.11.14-1 - RCE
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.
CVE-2007-2936 EXPLOITDB text WRITEUP
Frequency Clock 0.1b - RCE
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
CVE-2007-2527 EXPLOITDB text WRITEUP
DynamicPAD <1.03.31 - RCE
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.
CVE-2007-2663 EXPLOITDB text WORKING POC
Beacon 0.2.0 - RCE
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.