Ciph3r

27 exploits Active since Jun 2008
EIP-2026-118963 EXPLOITDB c WORKING POC
Nokia PC Suite 7.0 - Remote Buffer Overflow
CVE-2008-3957 EXPLOITDB c++ WORKING POC
Microsoft Windows Image Acquisition Logger ActiveX - RCE
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3957 EXPLOITDB text WORKING POC
Microsoft Windows Image Acquisition Logger ActiveX - RCE
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1255 EXPLOITDB text WORKING POC
Internet Explorer 6-8 - Use-After-Free in Timed Interactive Multimedia Extensions
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
CVE-2008-4508 EXPLOITDB perl WORKING POC
Internet Download Manager - Stack-based Buffer Overflow via Crafted AppleDouble File
Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210.
EIP-2026-116553 EXPLOITDB text WORKING POC
Winlog Lite SCADA HMI system - Overwrite (SEH)
EIP-2026-115587 EXPLOITDB c WORKING POC
Mass Downloader - Malformed Executable Denial of Service
CVE-2008-3296 EXPLOITDB text WRITEUP
XOOPS 2.0.18.1 - Path Traversal and Arbitrary File Execution via fct Parameter
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3295 EXPLOITDB text WRITEUP
XOOPS 2.0.18.1 - Cross-Site Scripting via fct Parameter
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-112897 EXPLOITDB text WORKING POC
UNAK-CMS - Cookie Authentication Bypass
CVE-2008-4081 EXPLOITDB text WORKING POC
Stash 1.0.3 - Unauthenticated Authentication Bypass via bsm Cookie
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
CVE-2008-3354 EXPLOITDB text WORKING POC
RunCMS Newbb Plus Module - Remote Code Execution via bbPath Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3354 EXPLOITDB text WRITEUP
RunCMS Newbb Plus Module - Remote Code Execution via bbPath Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3022 EXPLOITDB python WORKING POC
PHPortal 1.2 Beta - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters.
CVE-2008-2854 EXPLOITDB text WORKING POC
Orlando CMS 0.6 - Remote Code Execution via GLOBALS[preloc] Parameter
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
CVE-2008-5167 EXPLOITDB text WORKING POC
Boonex Orca 2.0 and 2.0.2 - Remote Code Execution via gConf[dir][layouts] Parameter
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
CVE-2008-5945 EXPLOITDB text WORKING POC
Nukeviet 2.0 Beta - Unauthenticated Authentication Bypass via admf Cookie
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109216 EXPLOITDB text WORKING POC
Lotus Core CMS 1.0.1 - Remote File Inclusion
EIP-2026-109003 EXPLOITDB text WRITEUP
Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload
CVE-2008-3312 EXPLOITDB text WRITEUP
Lemon CMS 1.10 - Path Traversal via Dir Parameter
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.
EIP-2026-107028 EXPLOITDB text WORKING POC
facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion
CVE-2008-3299 EXPLOITDB text WORKING POC
eSyndiCat 1.6 - Unauthenticated Authentication Bypass via admin_lng Cookie
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3313 EXPLOITDB text WORKING POC
CreaCMS 1.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3313 EXPLOITDB text WORKING POC
CreaCMS 1.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3300 EXPLOITDB text WORKING POC
AlphAdmin CMS 1.0.5/03 - Auth Bypass
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.