xoron

93 exploits, active since Dec 2002
CVE-2006-5261 EXPLOITDB text WORKING POC
PHPMyNews <1.4 - RCE
Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/.
CVE-2006-5458 EXPLOITDB text WORKING POC
PHP <common.php - RCE
PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.
CVE-2006-6789 EXPLOITDB text WORKING POC
Phpbbxtra 2.0 - Code Injection
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-6088 EXPLOITDB text WORKING POC
phpBBViet <2.03.07 - RCE
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0656 EXPLOITDB text WORKING POC
phpBB2-MODificat <0.2.0 - RCE
PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0762 EXPLOITDB perl WORKING POC
phpBB++ <100 - RCE
PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110985 EXPLOITDB text WRITEUP
phpBB XS 0.58 - Multiple Remote File Inclusions
CVE-2006-5223 EXPLOITDB text WORKING POC
phpBB <1.0 - RCE
PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5173 EXPLOITDB text WORKING POC
Openid - Code Injection
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-1555 EXPLOITDB text WORKING POC
Minerva - SQL Injection
SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2007-0761 EXPLOITDB text WORKING POC
phpBB ezconvert <0.2 - RCE
PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
CVE-2008-0881 EXPLOITDB text WORKING POC
Phpnuke Okul Module - SQL Injection
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
CVE-2008-0922 EXPLOITDB text WORKING POC
Php-nuke Manuales - SQL Injection
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
CVE-2006-5543 EXPLOITDB text WORKING POC
PHP Generator of Object SQL Database - RCE
PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4115 EXPLOITDB text WORKING POC
PgMarket 2.2.3 - RCE
PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter.
CVE-2008-0880 EXPLOITDB text WORKING POC
Phpnuke Easycontent Module - SQL Injection
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2007-1980 EXPLOITDB text WORKING POC
Nick Jones Topliste Module - SQL Injection
SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1978 EXPLOITDB text WORKING POC
PHP Fusion Arcade Module - SQL Injection
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
CVE-2007-0584 EXPLOITDB text WORKING POC
PhP Generic Library & Framework - RCE
PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-0143 EXPLOITDB text WORKING POC
NUNE News Script 2.0pre2 - RCE
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
CVE-2007-0683 EXPLOITDB text WORKING POC
Omegaboard <1.0beta4 - RCE
PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5517 EXPLOITDB text WORKING POC
Rhode Island Secretary OF State Open ... - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.
CVE-2009-0395 EXPLOITDB text WORKING POC
NetArt Media Car Portal 1.0 - SQL Injection
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2006-5613 EXPLOITDB text WORKING POC
MP3 Streaming DownSampler <3.0 - RCE
PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter.
CVE-2006-5180 EXPLOITDB text WORKING POC
Sebastian Baumann & Philipp Wolfer Newswriter <1.42 - RCE
PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102.