fish

6 exploits Active since Jan 2001
CVE-2007-3220 EXPLOITDB text WRITEUP
Cjay Content Module for XOOPS - Remote File Inclusion via spaw_root Parameter
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.
CVE-2007-3221 EXPLOITDB text WORKING POC
XOOPS XT-Conteudo - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-6765 EXPLOITDB perl WORKING POC
pagetool < 1.07 - Remote Code Execution via File Inclusion in pt_upload.php
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
CVE-2007-3813 EXPLOITDB text WRITEUP
mkportal noboard_module - Remote File Inclusion via MK_PATH Parameter
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
CVE-2007-3812 EXPLOITDB text WORKING POC
CMScout < 1.23 - SQL Injection via forums.php f Parameter
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
CVE-2000-1125 EXPLOITDB bash WORKING POC
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.