JaxUltraBB 2.0 - Command Execution

!/usr/bin/php -q -d shortopentag=on \r\n"; echo "Thanks to rgod for the php code and Marty for the Love\r\n"; echo "You need a valid Username and Password to get it working\r\n\r\n"; echo "This exploit will try to create a piggymarty.php backdoor on the webserver\r\n\r\n"; if $argc4 echo "Usage:...

CVE-2006-5433

PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGlocalroot parameter...

CVE-2006-5423

PHP remote file inclusion vulnerability in admin/adminmodule.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the gadminrep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-5422

PHP remote file inclusion vulnerability in calcul-page.php in Lodel patchlodel 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter...

CVE-2006-5419

PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database SID, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter...

CVE-2006-5421

WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but tha...

CVE-2006-5415

PHP remote file inclusion vulnerability in includes/functionsnewshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2006-5421

WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but tha...

CVE-2006-5407

PHP remote file inclusion vulnerability in openform.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter...

[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion

ECHOADV56$2006 ------------------------------------------------------------------------ ----- ECHOADV46$2006 P-Book = 1.17 pblang Remote File Inclusion ------------------------------------------------------------------------ ------ Author : Ahmad Maulana a.k.a Matdhule Date Found : October, 18th...

CVE-2006-5402

Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 classpath, 2 javascriptpath, and 3 includepath parameters in a cart.php; the 4 classpath parameter in b index.php; the 5 javascriptpath...

CVE-2006-5384

PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter...

CVE-2006-5384

PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter...

CVE-2006-5380

Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenidopath parameter to 1 cms/dbfs.php or 2 cms/frontcontent.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenidopath is set to a static value...

CVE-2006-5380

Contenido CMS suffers a remote file inclusion (RFI) vulnerability in CVE-2006-5380 via the contenido_path parameter to cms/dbfs.php or cms/front_content.php, enabling arbitrary PHP code execution. Note: CVE disputes this for version 4.6.15 where contenido_path is static. In practice, mitigation g...

CVE-2006-5317

PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter...

CVE-2006-5315

PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter...

CVE-2006-5310

PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences phpMyConference 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvcincludedir parameter...

CVE-2006-5291

PHP remote file inclusion vulnerability in admin/includes/spaw/spawcontrol.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PH...

OpenDock FullCore <= 4.4 Remote File Include Vulnerabilities

No description provided by source. --------------------------------------------------------------------------------- OpenDock FullCore = v4.4 Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact :...