xoron

93 exploits Active since Dec 2002
CVE-2007-1105 EXPLOITDB perl WORKING POC
Extreme phpBB 3.0.1 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6864 EXPLOITDB text WORKING POC
Enigma2 Coppermine Bridge 1.0 - RCE
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
CVE-2006-5623 EXPLOITDB text WORKING POC
ee_tool < 0.4_1 - Remote File Inclusion via cgipath Parameter
PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter.
EIP-2026-106334 EXPLOITDB text WORKING POC
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
CVE-2009-0445 EXPLOITDB php WORKING POC
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
CVE-2006-4075 EXPLOITDB text WORKING POC
Wim Fleischhauer docpile: wim's edition <0.2.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.
CVE-2007-1556 EXPLOITDB text WORKING POC
Creative Files 1.2 - SQL Injection via dlid Parameter
SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.
EIP-2026-105614 EXPLOITDB text WORKING POC
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
CVE-2007-0684 EXPLOITDB text WORKING POC
Cerulean Portal System 0.7b - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0809 EXPLOITDB perl WORKING POC
Categories hierarchy (mod-CH) 2.1.2 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4850 EXPLOITDB text WORKING POC
BolinOS < 4.5.5 - Remote File Inclusion via gBRootPath Parameter
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
EIP-2026-105231 EXPLOITDB text WORKING POC
Ariadne 2.4 - store_config[code] Remote File Inclusion
CVE-2009-1946 EXPLOITDB text WORKING POC
AdaptBB 1.0 - Remote Code Execution
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
CVE-2007-1023 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.1 SR4 - SQL Injection
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1058 EXPLOITDB text WORKING POC
Online Web Building 2.0 - SQL Injection
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
CVE-2007-0920 EXPLOITDB text WORKING POC
Philboard < 1.14 - SQL Injection via forumid Parameter
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2007-1077 EXPLOITDB text WORKING POC
Design4Online UserPages2 2.0 - SQL Injection
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1016 EXPLOITDB text WORKING POC
Aktueldownload Haber script - SQL Injection
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.