cr4wl3r

143 exploits Active since Jan 2006
CVE-2009-4085 EXPLOITDB text WRITEUP
PHP Traverser 0.8.0 - Remote Code Execution
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-111575 EXPLOITDB text WORKING POC
Public Media Manager - Remote File Inclusion
EIP-2026-111568 EXPLOITDB text WORKING POC
Ptag 4.0.0 - Multiple Remote File Inclusions
CVE-2010-2138 EXPLOITDB text WORKING POC
ProMan < 0.1.1 - Remote File Inclusion via _SESSION[userLang] Parameter
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.
CVE-2009-2791 EXPLOITDB text WRITEUP
WebDynamite ProjectButler 1.5.0 - Code Injection
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
CVE-2010-2134 EXPLOITDB text WORKING POC
Project Man 1.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
EIP-2026-111397 EXPLOITDB text WORKING POC
Police Municipale Open Main Courante 1.01beta - Local File Inclusion / Remote File Inclusion
CVE-2009-4220 EXPLOITDB text WRITEUP
PointComma < 3.8b2 - Remote Code Execution via pcConfig[smartyPath] Parameter
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
EIP-2026-111315 EXPLOITDB perl WORKING POC
pL-PHP Beta 0.9 - Local File Inclusion
CVE-2009-3312 EXPLOITDB text WORKING POC
phppollscript < 1.3 - Remote Code Execution via include_class Parameter
PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.
CVE-2009-4472 EXPLOITDB text WRITEUP
PHPope < 1.0.0 - Remote Code Execution via GLOBALS Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.
EIP-2026-111169 EXPLOITDB text WORKING POC
PHPMyRecipes 1.2.2 - 'viewrecipe.php?r_id' SQL Injection
CVE-2010-1537 EXPLOITDB text WORKING POC
phpCDB < 1.0 - Remote File Inclusion via Lang Global Parameter
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php.
CVE-2010-1538 EXPLOITDB text WORKING POC
phpRAINCHECK <1.0.1 - SQL Injection
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110902 EXPLOITDB text WORKING POC
PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions
EIP-2026-110725 EXPLOITDB text WORKING POC
PHP MBB CMS 004 - Multiple Vulnerabilities
CVE-2010-1947 EXPLOITDB text WORKING POC
openMairie Openregistrecil 1.02 - Remote File Inclusion via Directory Traversal in soustab.php
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
CVE-2009-4779 EXPLOITDB text WORKING POC
NukeHall <= 0.3 - Remote Code Execution via spaw_root Parameter
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/.
EIP-2026-110125 EXPLOITDB text WORKING POC
Online Job Board - Authentication Bypass
EIP-2026-110200 EXPLOITDB text WORKING POC
Online University - Authentication Bypass
EIP-2026-110227 EXPLOITDB text WRITEUP
Open Educational System 0.1 Beta - 'CONF_INCLUDE_PATH' Multiple Remote File Inclusions
CVE-2010-1921 EXPLOITDB text WORKING POC
OpenMairie openAnnuaire 2.00 - Remote File Inclusion via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
CVE-2010-1999 EXPLOITDB text WORKING POC
OpenMairie Opencatalogue 1.024 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
CVE-2010-1944 EXPLOITDB text WORKING POC
openMairie openCimetiere 2.01 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.
CVE-2010-1936 EXPLOITDB text WRITEUP
openMairie openComInterne 1.01 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.