iNs

5 exploits Active since Aug 2007
CVE-2007-5489 EXPLOITDB text WORKING POC
Artmedic CMS <= 3.4 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2007-4486 EXPLOITDB text WRITEUP
Linkliste 1.2 - Remote File Inclusion via styl[top], url_eintrag, or styl[themen] Parameter
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
CVE-2007-5440 EXPLOITDB text WRITEUP
CRS Manager - Remote File Inclusion via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
CVE-2007-5417 EXPLOITDB text WRITEUP
boastMachine 2.8 - Path Traversal via id Parameter
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-5600 EXPLOITDB text WORKING POC
Artmedic CMS < 3.4 - Remote Code Execution via Page Parameter URL Scheme Bypass
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.