Timq

6 exploits Active since Aug 2006
CVE-2007-3936 EXPLOITDB text WORKING POC
a-shop < 0.70 - Path Traversal and Arbitrary File Deletion via filebrowser.asp delfiles Parameter
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.
CVE-2006-4424 EXPLOITDB text WORKING POC
phpCOIN 1.2.3 - Remote File Inclusion via _CCFG[_PKG_PATH_INCL] Parameter
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
CVE-2006-4425 EXPLOITDB text WORKING POC
phpCOIN 1.2.3 - Remote File Inclusion via _CCFG[_PKG_PATH_INCL] Parameter
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4849 EXPLOITDB text WORKING POC
MobilePublisherPHP < 1.5_rc2 - Remote File Inclusion via abspath Parameter
PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
EIP-2026-106147 EXPLOITDB text WRITEUP
ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting
CVE-2007-3937 EXPLOITDB text WORKING POC
a-shop < 0.70 - SQL Injection
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.