w0cker

6 exploits Active since Sep 2007
CVE-2007-5089 EXPLOITDB text WRITEUP
sk.log 0.5.3 - Remote Code Execution via SKIN_URL Parameter
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
CVE-2008-1776 EXPLOITDB text WORKING POC
phpblock A8.4 - Remote Code Execution via PATH_TO_CODE Parameter
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
CVE-2007-5157 EXPLOITDB text WRITEUP
PHP Fidonet Tosser 1.3.0 - Remote Code Execution via SRC_PATH Parameter
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
EIP-2026-106320 EXPLOITDB text WORKING POC
Cybershade CMS 0.2b - Remote File Inclusion
CVE-2008-1696 EXPLOITDB text WORKING POC
DaZPHPNews 0.1-1 - Path Traversal via makepost.php prefixdir Parameter
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
CVE-2008-1798 EXPLOITDB text WORKING POC
Dragoon 0.1 - Path Traversal via cal[lng] Parameter
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.