x0r0n

8 exploits Active since Apr 2007
CVE-2007-2541 EXPLOITDB text WORKING POC
Versado CMS 1.07 - Remote File Inclusion via urlModulo Parameter
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
EIP-2026-112701 EXPLOITDB text WRITEUP
Tiny Web Gallery 1.5 - 'Image' Multiple Remote File Inclusions
CVE-2007-2347 EXPLOITDB text WORKING POC
OneClick CMS < 05.10 - Remote File Inclusion via site_path Parameter
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2007-2544 EXPLOITDB text WRITEUP
PHP TopTree BBS < 2.0.1a - Remote File Inclusion via right_file Parameter
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.
CVE-2007-1907 EXPLOITDB text WORKING POC
Pathos Content Management System 0.92-2 - Remote File Inclusion via warn.php file Parameter
PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1837 EXPLOITDB text WORKING POC
MangoBery CMS 0.5.5 - Remote File Inclusion via Site_Path Parameter
Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php.
CVE-2007-2521 EXPLOITDB text WRITEUP
e-gads < 2.2.6 - Remote Code Execution via Locale Parameter
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
CVE-2007-1986 EXPLOITDB text WORKING POC
barnraiser AROUNDMe 0.7.7 - Remote File Inclusion via Language Path Parameter
Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.