v1per-haCker

16 exploits | Active since Sep 2006
CVE-2006-4656 EXPLOITDB WORKING POC
Web Provence SL_Site < 1.0 - Remote File Inclusion via spaw_root Parameter
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
CVE-2007-0485 EXPLOITDB text WORKING POC
WebChat 0.77 - Remote File Inclusion via WEBCHATPATH Parameter
PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
CVE-2006-5893 EXPLOITDB text WRITEUP
iWonder Designs Storystream 0.4.0.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
CVE-2006-5282 EXPLOITDB text WORKING POC
sh-news < 3.1 - Remote File Inclusion via scriptpath Parameter
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
CVE-2006-5126 EXPLOITDB text WORKING POC
PowerPortal 1.3a - Remote File Inclusion via index.php file_name[] Parameter
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
CVE-2006-6612 EXPLOITDB text WORKING POC
phpmycms 0.3 - Remote File Inclusion via basic.inc.php basepath_start Parameter
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.
CVE-2007-0361 EXPLOITDB text WORKING POC
phpmyphorum 1.5a - Remote File Inclusion via mep/frame.php chem Parameter
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
CVE-2006-5634 EXPLOITDB text WORKING POC
phpProfiles < 2.1_beta - Remote Code Execution via reqpath or usrinc Parameter
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.
CVE-2006-5624 EXPLOITDB text WORKING POC
MPCS < 1.0.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6341 EXPLOITDB text WRITEUP
mg.applanix < 1.3.1 - Remote File Inclusion via apx_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php.
CVE-2006-5863 EXPLOITDB text WORKING POC
otterware letterit2 - Remote File Inclusion via lang Parameter
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2006-5923 EXPLOITDB text WORKING POC
GimeScripts Shopping Catalog < 0.9.1 - Remote File Inclusion via Custom Parameter
PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter.
CVE-2006-5637 EXPLOITDB text WORKING POC
Faq Administrator 2.1b - Remote File Inclusion via faq_reply.php Email Parameter
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
CVE-2006-5291 EXPLOITDB text WORKING POC
Alex Downloadengine - Code Injection
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-5621 EXPLOITDB text WORKING POC
ask_rave < 0.9b - Remote Code Execution via end.php footfile Parameter
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
CVE-2006-5135 EXPLOITDB text WORKING POC
A-Blog 2 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092.