xoron

93 exploits, active since Dec 2002
EIP-2026-109284 EXPLOITDB php WORKING POC
Mambo Component com_sim 0.8 - Blind SQL Injection
CVE-2006-3692 EXPLOITDB text WRITEUP
ListMessenger 0.9.3 - Remote File Inclusion via lm_path Parameter
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis.
CVE-2006-4858 EXPLOITDB text WORKING POC
mamboxchange serverstat_component < 0.4.4 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5620 EXPLOITDB text WORKING POC
MiniBILL 1.2.3 - Remote File Inclusion via config[page_dir] Parameter
PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.
CVE-2006-4363 EXPLOITDB text WRITEUP
CropImage component 1.0 for Mambo - Remote File Inclusion via cropimagedir Parameter
PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.
CVE-2007-5485 EXPLOITDB text WORKING POC
KwsPHP mg2 1.0 - SQL Injection via Album Parameter
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2006-6800 EXPLOITDB text WORKING POC
Limbo CMS Event Module 1.0 - Remote File Inclusion via lm_absolute_path Parameter
PHP remote file inclusion vulnerability in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2006-4129 EXPLOITDB text WORKING POC
Joomla Webring Component 1.0 - Remote File Inclusion via component_dir Parameter
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
CVE-2007-5451 EXPLOITDB text WORKING POC
com_colorlab 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5309 EXPLOITDB text WORKING POC
webmaster-tips.net Flash Image Gallery 1.0 for Joomla! - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2009-2633 EXPLOITDB text WORKING POC
Joomla! com_vehiclemanager 1.0 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2635 EXPLOITDB text WORKING POC
Joomla! com_realestatemanager 1.0 Basic - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EIP-2026-108451 EXPLOITDB text WORKING POC
Joomla! Component com_na_content 1.0 - Blind SQL Injection
CVE-2009-2634 EXPLOITDB text WORKING POC
MediaLibrary (com_media_library) 1.5.3 Basic - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4242 EXPLOITDB text WORKING POC
Joomla/Mambo JIM 1.0.1 - Code Injection
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2099 EXPLOITDB perl WORKING POC
ijoomla com_rssfeeder - SQL Injection via cat Parameter
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2009-2637 EXPLOITDB text WORKING POC
Joomla! com_booklibrary <1.5.2.4 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5527 EXPLOITDB text WORKING POC
Intelimen InteliEditor <1.2.x - RCE
PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.
CVE-2007-5140 EXPLOITDB text WORKING POC
IntegraMOD Nederland 1.4.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0662 EXPLOITDB text WORKING POC
Hailboards 1.2.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7107 EXPLOITDB text WORKING POC
Coalescent Systems freePBX <2.1.3 - RCE
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
CVE-2006-5226 EXPLOITDB text WORKING POC
Freenews 1.1 - Remote File Inclusion via moteur.php chemin Parameter
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-5230 EXPLOITDB text WORKING POC
freeforum < 0.9.7 - Remote File Inclusion via fpath Parameter
PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2007-0580 EXPLOITDB perl WORKING POC
Foro Domus 2.10 - Remote File Inclusion via sesion_idioma Parameter
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
CVE-2007-0581 EXPLOITDB perl WORKING POC
EclipseBB 0.5.0 Lite - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.