0in

17 exploits Active since Sep 2007
CVE-2012-2376 EXPLOITDB php WORKING POC
PHP < 5.4.3 - Remote Code Execution via COM Object VARIANT Type Handling
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
EIP-2026-119380 EXPLOITDB text WORKING POC
IBM Business Process Manager - User Account Reconfiguration
EIP-2026-117698 EXPLOITDB python WORKING POC
Nokia MultiMedia Player 1.0 - Playlist Universal Overwrite (SEH)
CVE-2008-6497 EXPLOITDB python WORKING POC
Neostrada Livebox ADSL Router - Denial of Service via Multiple HTTP Requests for /- URI
The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.
EIP-2026-116040 EXPLOITDB c++ WORKING POC
PC Tools Firewall Plus 7.0.0.123 - Local Denial of Service
EIP-2026-115954 EXPLOITDB python WORKING POC
Notepad++ NppFTP Plugin - 'LIST' Remote Heap Overflow (PoC)
CVE-2008-1478 EXPLOITDB perl WORKING POC
Home FTP Server 1.4.5.89 - Denial of Service via Passive Mode Connection Handling
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information.
CVE-2008-0469 EXPLOITDB text WORKING POC
Tiger Php News System < 1.0b - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
CVE-2008-2352 EXPLOITDB python WORKING POC
Smeego 1.0 - Remote File Inclusion via Lang Cookie
Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie.
CVE-2007-5149 EXPLOITDB text WORKING POC
North Country Public Radio Public Media Manager 1.3 - Remote Code Execution via NewsCMS indir Parameter
PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.
CVE-2008-1732 EXPLOITDB text WORKING POC
Prediction Football <1.x - SQL Injection
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
CVE-2007-5221 EXPLOITDB text WORKING POC
Poppawid 2.7 - Remote Code Execution via Form Parameter
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
CVE-2007-5390 EXPLOITDB text WORKING POC
picoflat_cms < 0.4.14 - Remote Code Execution via Pagina Parameter
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
CVE-2008-1565 EXPLOITDB text WRITEUP
phpBB PJIRC Module 0.5 - Remote File Inclusion via phpEx Parameter
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
CVE-2007-5139 EXPLOITDB text WORKING POC
chupix_cms 0.2.3 - Remote Code Execution via Repertoire Parameter
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
EIP-2026-103575 EXPLOITDB html WORKING POC
Mozilla Firefox 8.0 - Null Pointer Dereference (PoC)
EIP-2026-102599 EXPLOITDB c WORKING POC
Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) - Denial of Service