mozi

10 exploits Active since Oct 2006
CVE-2006-5186 EXPLOITDB text WORKING POC
phpmyprofiler < 0.9.6 - Remote File Inclusion via pmp_rel_path Parameter
PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.
EIP-2026-111115 EXPLOITDB php WORKING POC
phpList 2.10.x - Remote Code Execution / Local File Inclusion
CVE-2006-5192 EXPLOITDB text WORKING POC
phpgreetz < 0.99 - Remote File Inclusion via PHPGREETZ_INCLUDE_DIR Parameter
PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter.
CVE-2008-6423 EXPLOITDB text WORKING POC
PassWiki < 0.9.16 - Path Traversal via site_id Parameter
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.
EIP-2026-109542 EXPLOITDB text WRITEUP
modifyform - 'modifyform.html' Remote File Inclusion
CVE-2007-1299 EXPLOITDB text WRITEUP
Mani Stats Reader <= 1.2 - Remote File Inclusion via index.php ipath Parameter
PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
CVE-2007-5784 EXPLOITDB text WRITEUP
CaupoShop Pro < 2.1 - Remote Code Execution via Index.php Action Parameter
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2008-2645 EXPLOITDB text WORKING POC
Brim 1.0.1 - Remote Code Execution via Template Renderer Parameter
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2007-3934 EXPLOITDB text STUB
BBS E-Market - Remote File Inclusion via p_mode Parameter
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
CVE-2007-4007 EXPLOITDB text WRITEUP
Article Directory - Remote File Inclusion via Page Parameter
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.