v1per-haCker

16 exploits Active since Sep 2006
CVE-2006-4656 EXPLOITDB WORKING POC
Web Provence SL_Site <1.0 - RCE
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
CVE-2007-0485 EXPLOITDB text WORKING POC
WebChat 0.77 - RCE
PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
CVE-2006-5893 EXPLOITDB text WRITEUP
iWonder Designs Storystream 0.4.0.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
CVE-2006-5282 EXPLOITDB text WORKING POC
SH-News <3.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
CVE-2006-5126 EXPLOITDB text WORKING POC
PowerPortal 1.3a - RCE
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
CVE-2006-6612 EXPLOITDB text WORKING POC
PhpMyCms <0.3 - RCE
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.
CVE-2007-0361 EXPLOITDB text WORKING POC
PHPMyphorum 1.5a - RCE
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
CVE-2006-5634 EXPLOITDB text WORKING POC
Phpprofiles < 2.1_beta - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.
CVE-2006-5624 EXPLOITDB text WORKING POC
MPCS <1.0.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6341 EXPLOITDB text WRITEUP
mg.applanix <1.3.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php.
CVE-2006-5863 EXPLOITDB text WORKING POC
LetterIt 2 - RCE
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2006-5923 EXPLOITDB text WORKING POC
Chris Mac gtcatalog <0.9.1 - RCE
PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter.
CVE-2006-5637 EXPLOITDB text WORKING POC
Faq Administrator 2.1b - RCE
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
CVE-2006-5291 EXPLOITDB text WORKING POC
Alex Downloadengine - Code Injection
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-5621 EXPLOITDB text WORKING POC
Ask Rave < 0.9_pr - Code Injection
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
CVE-2006-5135 EXPLOITDB text WORKING POC
A-Blog 2 - RCE
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092.