kezzap66345

32 exploits Active since Feb 2007
CVE-2007-2542 EXPLOITDB text WRITEUP
PHP <workbench survival guide 0.11 - RCE
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-2541 EXPLOITDB text WORKING POC
Versado CMS 1.07 - RCE
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
CVE-2007-1771 EXPLOITDB html WORKING POC
Ay System Solutions WCS 2.7.1 - RCE
PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.
CVE-2007-2273 EXPLOITDB html WORKING POC
Alessandro Lulli wavewoo 0.1.1 - RCE
PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
CVE-2007-1059 EXPLOITDB text WORKING POC
PHP - RCE
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
CVE-2007-2530 EXPLOITDB text WRITEUP
Tropicalm Crowell Resource <4.5.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.
CVE-2007-2424 EXPLOITDB html WORKING POC
The Merchant <2.2 - RCE
PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.
CVE-2007-1131 EXPLOITDB text WORKING POC
Sinapis Forum 2.2 - RCE
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
CVE-2007-1130 EXPLOITDB text WORKING POC
Sinapis Gastebuch 2.2 - RCE
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
CVE-2007-5089 EXPLOITDB text WRITEUP
Sk.log - Code Injection
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
CVE-2007-2347 EXPLOITDB text WORKING POC
OneClick CMS <5.10 - RCE
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2007-5186 EXPLOITDB text WRITEUP
Segue Cms < 1.8.4 - Code Injection
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.
CVE-2007-2751 EXPLOITDB text WRITEUP
PHPGlossar 0.8 - RCE
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
CVE-2008-1776 EXPLOITDB text WORKING POC
PhpBlock A8.4 - RCE
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
CVE-2007-4232 EXPLOITDB text WRITEUP
Andreas Robertz PHPNews 0.93 - RCE
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
CVE-2007-5185 EXPLOITDB text WORKING POC
Phpwcms-xt < 0.0.7_beta - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
CVE-2007-1907 EXPLOITDB text WORKING POC
Pathos CMS <0.92-2 - RCE
PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-5157 EXPLOITDB text WRITEUP
Php Fidonet Tosser - Code Injection
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
EIP-2026-110673 EXPLOITDB text WORKING POC
PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion
CVE-2007-2544 EXPLOITDB text WRITEUP
PHP TopTree BBS <2.0.1a - RCE
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.
CVE-2007-2572 EXPLOITDB text WRITEUP
PHP Content Architect <1.2 - RCE
PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter.
CVE-2007-1837 EXPLOITDB text WORKING POC
MangoBery CMS 0.5.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php.
CVE-2007-2607 EXPLOITDB text WRITEUP
LaVague <0.3 - RCE
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
CVE-2007-1013 EXPLOITDB text WORKING POC
VirtualSystem Htaccess Passwort Generator 1.1 - RCE
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
CVE-2007-5117 EXPLOITDB text WRITEUP
Frontaccounting - Code Injection
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.