mozi

10 exploits Active since Oct 2006
CVE-2006-5186 EXPLOITDB text WORKING POC
phpMyProfiler <0.9.6 - RCE
PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.
EIP-2026-111115 EXPLOITDB php WORKING POC
phpList 2.10.x - Remote Code Execution / Local File Inclusion
CVE-2006-5192 EXPLOITDB text WORKING POC
phpGreetz <0.99 - RCE
PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter.
CVE-2008-6423 EXPLOITDB text WORKING POC
I-apps Passwiki < 0.9.16 - Path Traversal
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.
EIP-2026-109542 EXPLOITDB text WRITEUP
modifyform - 'modifyform.html' Remote File Inclusion
CVE-2007-1299 EXPLOITDB text WRITEUP
Mani Stats Reader <1.2 - RCE
PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
CVE-2007-5784 EXPLOITDB text WRITEUP
Caupo.net Cauposhop Pro < 2.1 - Code Injection
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2008-2645 EXPLOITDB text WORKING POC
Brim - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2007-3934 EXPLOITDB text STUB
BBS E-Market - RCE
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
CVE-2007-4007 EXPLOITDB text WRITEUP
PHP <index.php - RCE
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.