nuffsaid

22 exploits Active since Oct 2006
CVE-2006-5497 EXPLOITDB text WORKING POC
Segue CMS < 1.5.7 - Remote File Inclusion via themesdir Parameter
PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.
CVE-2006-6042 EXPLOITDB text WORKING POC
phpwebthings < 1.5.2 - Remote File Inclusion via editor_insert_bottom Parameter
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
CVE-2006-6790 EXPLOITDB perl WORKING POC
Ultimate PHP Board <2.0b1 - Code Injection
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
CVE-2006-6686 EXPLOITDB text WORKING POC
textsend < 1.5 - Remote File Inclusion via ROOT_PATH Parameter
PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
CVE-2006-5722 EXPLOITDB text WORKING POC
Segue CMS < 1.5.9 - Remote File Inclusion via Theme Parameter
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3141 EXPLOITDB text WORKING POC
phpWebThings 1.5.2 - Remote File Inclusion via editor_insert_top Parameter
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
CVE-2006-6715 EXPLOITDB text WORKING POC
PowerClan < 1.14a - Remote File Inclusion via footer.inc.php settings[footer] Parameter
PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.
CVE-2006-5432 EXPLOITDB text WORKING POC
phpPowerCards 2.10 - Code Injection
Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.
CVE-2006-6740 EXPLOITDB text WORKING POC
phpProfiles < 3.1.2b - Remote Code Execution via Menu or Incpath Parameter
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6760 EXPLOITDB text WRITEUP
phpmymanga <= 0.8.1 - Remote Code Execution via template.php Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.
EIP-2026-110689 EXPLOITDB perl WORKING POC
PHP Easy Downloader 1.5 - 'save.php' Remote Code Execution
CVE-2006-6739 EXPLOITDB text WORKING POC
Paristemi 0.8.3 - Remote Code Execution via HTTP_DOCUMENT_ROOT Parameter
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.
CVE-2006-6710 EXPLOITDB text WORKING POC
PgmReloaded < 0.8.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
CVE-2006-6796 EXPLOITDB perl WORKING POC
mtcms < 2.0 - Remote File Inclusion via admin_settings.php ins_file Parameter
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
CVE-2006-5730 EXPLOITDB text WORKING POC
Modx CMS <0.9.2.1 - Remote Code Execution
PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor.
CVE-2006-6770 EXPLOITDB text WORKING POC
Jinzora Media Jukebox < 2.7 - Remote File Inclusion via Include Path Parameter
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.
CVE-2006-5837 EXPLOITDB text WORKING POC
SimpleChat 1.0.0 - Static Code Injection via chat_panel.php msg Parameter
Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.
CVE-2006-6771 EXPLOITDB text WORKING POC
Irokez CMS < 0.7.1 - Remote File Inclusion via Multiple PHP Script Parameters
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
CVE-2006-5412 EXPLOITDB text WORKING POC
PHP Outburst Easynews <4.4.1 - Auth Bypass
admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
CVE-2007-0135 EXPLOITDB text WORKING POC
Aratix < 0.2.2_beta_11 - Remote File Inclusion via current_path Parameter
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
CVE-2006-6720 EXPLOITDB text WORKING POC
Azucar CMS 1.3 - Remote Code Execution via _VIEW Parameter
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.
CVE-2006-5433 EXPLOITDB text WORKING POC
ALiCE-CMS 0.1 - Remote File Inclusion via CONFIG[local_root] Parameter
PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter.