iNs

5 exploits Active since Aug 2007
CVE-2007-5489 EXPLOITDB text WORKING POC
Artmedic Webdesign Artmedic Cms - Path Traversal
Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2007-4486 EXPLOITDB text WRITEUP
Linkliste 1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
CVE-2007-5440 EXPLOITDB text WRITEUP
Crs Manager - Improper Input Validation
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
CVE-2007-5417 EXPLOITDB text WRITEUP
Boastmachine - Path Traversal
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-5600 EXPLOITDB text WORKING POC
Artmedic Webdesign Artmedic Cms < 3.4 - Code Injection
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.