VietMafia

4 exploits Active since Apr 2006
CVE-2006-2395 EXPLOITDB text WORKING POC
PopSoft Digital PopPhoto Studio <= 3.5.4 - Remote Code Execution via include_path Parameter
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."
CVE-2006-1922 EXPLOITDB text WRITEUP
TotalCalendar - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2006-2182 EXPLOITDB perl WORKING POC
albinator <= 2.0.8 - Remote File Inclusion via Config_rootdir Parameter
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
CVE-2006-2245 EXPLOITDB perl WORKING POC
phpbb-auction - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.