BlackHawk

33 exploits Active since Feb 2005
CVE-2005-0613 EXPLOITDB php WORKING POC
FCKeditor 2.0 RC2 - Unauthenticated Arbitrary File Upload
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
CVE-2012-10036 EXPLOITDB CRITICAL ruby WORKING POC
Project Pier <0.8.8 - Unauthenticated RCE
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code execution.
CVE-2009-1226 EXPLOITDB php WORKING POC
Podcast Generator <= 1.1 - Unauthenticated Arbitrary File Deletion via Admin Delete Endpoint
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
CVE-2008-0350 EXPLOITDB php WORKING POC
evilsentinel < 1.0.9 - Unauthenticated Privilege Escalation via admin/index.php Redirect Handling
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
CVE-2007-3585 EXPLOITDB php WORKING POC
MyCMS < 0.9.8 - Remote File Inclusion via games.php id Parameter
PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
CVE-2007-2003 EXPLOITDB php WORKING POC
InoutMailingListManager <3.1 - Open Redirect
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
CVE-2007-2002 EXPLOITDB php WORKING POC
InoutMailingListManager < 3.1 - Unauthenticated Arbitrary PHP File Upload and Remote Code Execution via Admin Cookie
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.
CVE-2006-7116 EXPLOITDB php WORKING POC
Kubix < 0.7 - SQL Injection via member_id Parameter
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
CVE-2006-6785 EXPLOITDB php WORKING POC
Open Newsletter < 2.5 - Unauthenticated Administrative Action Execution
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
CVE-2007-2371 EXPLOITDB php WORKING POC
phpMyNewsletter < 0.8_beta_5 - Unauthenticated Configuration Modification and Code Injection via saveGlobalconfig Action
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
CVE-2006-0658 EXPLOITDB php WORKING POC
FCKeditor 2.0-2.2 - Unauthenticated Arbitrary File Upload via Extension Blacklist Bypass
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVE-2012-10036 METASPLOIT CRITICAL ruby WORKING POC
Project Pier <0.8.8 - Unauthenticated RCE
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code execution.
CVE-2007-3307 EXPLOITDB php WORKING POC
Solar Empire < 2.9.1.1 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2007-3051 EXPLOITDB php WORKING POC
Revokebb < 1.0_rc4 - SQL Injection via revokebb_user Cookie
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
CVE-2009-1230 EXPLOITDB php WORKING POC
podcast_generator <= 1.1 - Authenticated PHP Code Injection via Recent Parameter
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
CVE-2014-9096 EXPLOITDB python WORKING POC
Pligg CMS < 2.0.1 - SQL Injection via Recover.php ID or N Parameter
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
CVE-2007-2372 EXPLOITDB php WORKING POC
phpMyNewsletter <0.8 beta5 - Open Redirect
admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.
CVE-2006-6786 EXPLOITDB php WORKING POC
Open Newsletter <2.5 - Command Injection
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
CVE-2007-3586 EXPLOITDB php WORKING POC
MyCMS < 0.9.8 - Remote Code Execution via Score Parameter or Login Cookie
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
CVE-2007-3587 EXPLOITDB php WORKING POC
MyCMS <0.9.8 - Privilege Escalation
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
CVE-2007-2081 EXPLOITDB php WORKING POC
myblog < 0.9.8 - Unauthenticated Authentication Bypass via Admin Cookie Parameter
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
EIP-2026-109127 EXPLOITDB php WORKING POC
Light Blog Remote - Multiple Vulnerabilities
CVE-2007-5374 EXPLOITDB php WORKING POC
LightBlog 8.4.1.1 - Authenticated Privilege Escalation via cp_memberedit.php
cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.
CVE-2006-7117 EXPLOITDB php WORKING POC
Kubix < 0.7 - Path Traversal via Theme Cookie or File Parameter
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
CVE-2007-2004 EXPLOITDB php WORKING POC
InoutMailingListManager < 3.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.