xoron

93 exploits, active since Dec 2002
EIP-2026-109284 EXPLOITDB php WORKING POC
Mambo Component com_sim 0.8 - Blind SQL Injection
CVE-2006-3692 EXPLOITDB text WRITEUP
ListMessenger 0.9.3 - RCE
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis.
CVE-2006-4858 EXPLOITDB text WORKING POC
Mambo com_serverstat <0.4.4 - RCE
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5620 EXPLOITDB text WORKING POC
MiniBILL 2006-10-10 - RCE
PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.
CVE-2006-4363 EXPLOITDB text WRITEUP
Mambo com_cropimage 1.0 - RCE
PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.
CVE-2007-5485 EXPLOITDB text WORKING POC
Kwsphp - SQL Injection
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2006-6800 EXPLOITDB text WORKING POC
Limbo CMS 1.0 - RCE
PHP remote file inclusion vulnerability in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2006-4129 EXPLOITDB text WORKING POC
Joomla! <1.0 - RCE
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
CVE-2007-5451 EXPLOITDB text WORKING POC
Com Colorlab - Code Injection
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5309 EXPLOITDB text WORKING POC
Joomla - Code Injection
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2009-2633 EXPLOITDB text WORKING POC
Joomla! com_vehiclemanager 1.0 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2635 EXPLOITDB text WORKING POC
Joomla! com_realestatemanager 1.0 Basic - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EIP-2026-108451 EXPLOITDB text WORKING POC
Joomla! Component com_na_content 1.0 - Blind SQL Injection
CVE-2009-2634 EXPLOITDB text WORKING POC
Joomla! 1.5.3 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4242 EXPLOITDB text WORKING POC
Joomla/Mambo JIM 1.0.1 - Code Injection
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2099 EXPLOITDB perl WORKING POC
iJoomla RSS Feeder - SQL Injection
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2009-2637 EXPLOITDB text WORKING POC
Joomla! com_booklibrary <1.5.2.4 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5527 EXPLOITDB text WORKING POC
Intelimen InteliEditor <1.2.x - RCE
PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.
CVE-2007-5140 EXPLOITDB text WORKING POC
Integramod Nederland - Code Injection
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0662 EXPLOITDB text WORKING POC
Hailboards 1.2.0 - RCE
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7107 EXPLOITDB text WORKING POC
Coalescent Systems freePBX <2.1.3 - RCE
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
CVE-2006-5226 EXPLOITDB text WORKING POC
Prologin.fr Freenews <1.1 - RCE
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-5230 EXPLOITDB text WORKING POC
FreeForum <0.9.7 - RCE
PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2007-0580 EXPLOITDB perl WORKING POC
Foro Domus 2.10 - RCE
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
CVE-2007-0581 EXPLOITDB perl WORKING POC
EclipseBB 0.5.0 Lite - RCE
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.