xoron

93 exploits Active since Dec 2002
CVE-2006-5124 EXPLOITDB WORKING POC
phpMyWebmin 1.0 - Remote File Inclusion via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php.
CVE-2006-5125 EXPLOITDB WORKING POC
phpMyWebmin 1.0 - Directory Traversal via Window.php Target Parameter
Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.
CVE-2007-1481 EXPLOITDB text WORKING POC
WBBlog - SQL Injection via e_id Parameter
SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.
CVE-2007-1015 EXPLOITDB text WORKING POC
Aktueldownload Haber - SQL Injection
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2002-2217 EXPLOITDB text WORKING POC
Web Server Creator - Web Portal 0.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.
CVE-2004-1423 EXPLOITDB text WORKING POC
php-calendar < 0.10.1 - Remote Code Execution via phpc_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2006-4036 EXPLOITDB text WORKING POC
ZoneMetrics ZoneX Publishers Gold Edition <1.0.3 - RCE
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0561 EXPLOITDB perl WORKING POC
Xero Portal 1.2 - Remote File Inclusion via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.
CVE-2006-6863 EXPLOITDB CRITICAL text WORKING POC
Enigma WordPress Bridge Enigma2.php - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value
CVSS 9.8
CVE-2006-4060 EXPLOITDB text WORKING POC
Visual Events Calendar 1.1 - Remote File Inclusion via cfg_dir Parameter
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
CVE-2006-4746 EXPLOITDB text WORKING POC
Web Server Creator 0.1 - Remote File Inclusion via News Customize l Parameter
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2007-1482 EXPLOITDB text WORKING POC
WBBlog - Cross-Site Scripting via e_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.
CVE-2009-0446 EXPLOITDB php WORKING POC
WEBalbum 2.4b - SQL Injection via photo.php id Parameter
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4166 EXPLOITDB text WORKING POC
TinyWebGallery <= 1.5 - Remote File Inclusion via Image Parameter
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
CVE-2006-5539 EXPLOITDB text WORKING POC
UeberProject Management System <1.0 - RCE
PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.
CVE-2006-4012 EXPLOITDB text WORKING POC
circeOS SaveWeb Portal 3.4 - RCE
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
CVE-2006-3922 EXPLOITDB text WORKING POC
PortailPHP < 1.7 - Remote File Inclusion via chemin Parameter
PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2007-2427 EXPLOITDB text WORKING POC
pnFlashGames 1.5 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-4373 EXPLOITDB text WORKING POC
pSlash 0.70 - Remote File Inclusion via lvc_include_dir Parameter
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
CVE-2006-4498 EXPLOITDB text WORKING POC
PhpAlbum 2.15 - Remote File Inclusion via chemin Parameter
PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.
CVE-2007-1641 EXPLOITDB perl WORKING POC
PortailPHP 2.0 - SQL Injection via idnews Parameter
SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.
CVE-2007-5173 EXPLOITDB text WORKING POC
phpBB Openid 0.2.0 - Remote Code Execution via openid_root_path Parameter
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-0761 EXPLOITDB text WORKING POC
phpBB ezBoard converter 0.2 - Remote File Inclusion via ezconvert_dir Parameter
PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
CVE-2007-0680 EXPLOITDB text WORKING POC
phpbb_tweaked < 3 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6789 EXPLOITDB text WORKING POC
phpbbxtra 2.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.