AkaStep

47 exploits Active since May 2012
CVE-2013-10070 EXPLOITDB CRITICAL ruby WORKING POC
PHP-Charts v1.0 - RCE
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
CVE-2013-10070 EXPLOITDB CRITICAL text WORKING POC
PHP-Charts v1.0 - RCE
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
CVE-2013-10067 EXPLOITDB CRITICAL ruby WORKING POC
Glossword 1.8.8-1.8.12 - RCE
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
CVE-2013-10067 EXPLOITDB CRITICAL text WORKING POC
Glossword 1.8.8-1.8.12 - RCE
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
CVE-2013-10051 EXPLOITDB CRITICAL ruby WORKING POC
InstantCMS <1.6 - RCE
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
CVSS 9.8
CVE-2013-10047 EXPLOITDB CRITICAL ruby WORKING POC
MiniWeb HTTP Server <= Build 300 - File Upload
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
CVE-2013-10070 METASPLOIT CRITICAL ruby WORKING POC
PHP-Charts v1.0 - RCE
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
CVE-2013-10067 METASPLOIT CRITICAL ruby WORKING POC
Glossword 1.8.8-1.8.12 - RCE
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
CVE-2013-10051 METASPLOIT CRITICAL ruby WORKING POC
InstantCMS <1.6 - RCE
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
CVSS 9.8
CVE-2013-10047 METASPLOIT CRITICAL ruby WORKING POC
MiniWeb HTTP Server <= Build 300 - File Upload
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
EIP-2026-116246 EXPLOITDB text WORKING POC
SmallFTPd - Denial of Service
EIP-2026-113504 EXPLOITDB text WRITEUP
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
EIP-2026-113503 EXPLOITDB html WORKING POC
WordPress Core 3.4.2 - Cross-Site Request Forgery
EIP-2026-112786 EXPLOITDB text WORKING POC
traq 2.3.5 - Multiple Vulnerabilities
EIP-2026-112733 EXPLOITDB text WRITEUP
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
EIP-2026-112193 EXPLOITDB text WORKING POC
Sitemax Maestro - SQL Injection / Local File Inclusion
EIP-2026-112358 EXPLOITDB text WORKING POC
Sourcefabric Newscoop - 'f_email' SQL Injection
EIP-2026-111848 EXPLOITDB text WORKING POC
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
EIP-2026-111969 EXPLOITDB text WORKING POC
Seditio CMS 165 - 'plug.php' SQL Injection
EIP-2026-111945 EXPLOITDB text WORKING POC
Sciretech (Multiple Products) - Multiple SQL Injections
EIP-2026-111251 EXPLOITDB text WORKING POC
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
EIP-2026-111174 EXPLOITDB html WORKING POC
PHPMyVisites 2.4 - 'PHPmv2/index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110791 EXPLOITDB text WORKING POC
PHP weby directory software 1.2 - Multiple Vulnerabilities
EIP-2026-110401 EXPLOITDB text WRITEUP
osTicket - 'tickets.php?status' Cross-Site Scripting
EIP-2026-110400 EXPLOITDB text WRITEUP
osTicket - 'l.php?url' Arbitrary Site Redirect