ToXiC

10 exploits Active since Dec 2002
CVE-2002-2298 EXPLOITDB WORKING POC
thatware 0.3-0.5.3 - Remote Code Execution via config.php root_path Parameter
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2006-4159 EXPLOITDB text WORKING POC
Chaussette < 080706 - Remote Code Execution via _BASE Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.
CVE-2006-4213 EXPLOITDB text WORKING POC
PHP <0.4.6 - Remote Code Execution
PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2006-4158 EXPLOITDB text WORKING POC
spaminator < 1.7 - Remote File Inclusion via Login.php Page Parameter
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-4121 EXPLOITDB text WRITEUP
See-Commerce 1.0.625 - Remote File Inclusion via owimg.php3 path Parameter
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4103 EXPLOITDB text WORKING POC
PHP <1.3 - Remote Code Execution
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2006-4113 EXPLOITDB text WORKING POC
PHP <4.2 - Remote Code Execution
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.
EIP-2026-106833 EXPLOITDB text WRITEUP
Elite Bulletin Board - Multiple SQL Injections
EIP-2026-106246 EXPLOITDB text WORKING POC
CruxCMS 3.0 - Multiple Input Validation Vulnerabilities
CVE-2006-4216 EXPLOITDB text WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4159. Reason: This candidate is a duplicate of CVE-2006-4159. Notes: All CVE users should reference CVE-2006-4159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage