DarkFig

81 exploits, active since Mar 2006
CVE-2007-1634 EXPLOITDB php WORKING POC
Net Portal Dynamic System < 5.10 - SQL Injection
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
CVE-2006-2946 EXPLOITDB perl WORKING POC
Dmx Forum 2.1a - Info Disclosure
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
CVE-2006-5085 EXPLOITDB perl WORKING POC
Blog Pixel Motion 2.1.1 - Code Injection
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.
CVE-2007-3432 EXPLOITDB php WORKING POC
Pluxml - Unrestricted File Upload
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
CVE-2007-0202 EXPLOITDB php WORKING POC
Alexphpteam Alex Guestbook - SQL Injection
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
CVE-2007-0122 EXPLOITDB php WORKING POC
Coppermine Photo Gallery < 1.4.10 - SQL Injection
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
CVE-2006-5315 EXPLOITDB text WRITEUP
PHP - RCE
PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter.
CVE-2007-5913 EXPLOITDB php WORKING POC
JBC Explorer <7.20 RC1 - RCE
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
CVE-2007-1254 EXPLOITDB php WORKING POC
Connectix Boards <0.7 - SQL Injection
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
CVE-2007-0986 EXPLOITDB text WORKING POC
Jupiter CMS <1.1.5 - RCE
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.
CVE-2006-6755 EXPLOITDB perl WORKING POC
Ixprim 1.2 - Info Disclosure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
CVE-2006-4632 EXPLOITDB perl WORKING POC
SoftBB 0.1 - SQL Injection
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
CVE-2006-4631 EXPLOITDB perl WORKING POC
SoftBB 0.1 - Code Injection
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
CVE-2006-4585 EXPLOITDB perl WORKING POC
TR Forum - SQL Injection
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
CVE-2006-4584 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Auth Bypass
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
CVE-2007-1172 EXPLOITDB php WORKING POC
NukeSentinel <2.5.05 - SQL Injection
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
CVE-2007-1171 EXPLOITDB php WORKING POC
NukeSentinel <2.5.12 - SQL Injection
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
CVE-2009-2255 EXPLOITDB php WORKING POC
Zen Cart <1.3.8a-1.3.8 - RCE
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVE-2006-4479 EXPLOITDB text WORKING POC
Visualshapers Ezcontents - XSS
Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.
CVE-2007-0502 EXPLOITDB php WORKING POC
Webspell - SQL Injection
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
EIP-2026-113101 EXPLOITDB perl WORKING POC
Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection
EIP-2026-113365 EXPLOITDB php WORKING POC
webSPELL 4.01.02 - PHP Remote Code Execution
CVE-2006-4478 EXPLOITDB text WORKING POC
Visualshapers Ezcontents - SQL Injection
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.
CVE-2006-3385 EXPLOITDB text WORKING POC
Vincent Leclercq News 5.2 - XSS
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
CVE-2006-4586 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Privilege Escalation
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.