DarkFig

81 exploits, active since Mar 2006
CVE-2007-1634 EXPLOITDB php WORKING POC
Net Portal Dynamic System < 5.10 - SQL Injection via _FILES[DB][tmp_name] Parameter
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
CVE-2006-2946 EXPLOITDB perl WORKING POC
dmx_forum < 2.1a - Unauthenticated Sensitive Information Exposure via Web-Accessible Database Configuration
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
CVE-2006-5085 EXPLOITDB perl WORKING POC
Blog Pixel Motion 2.1.1 - Code Injection
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.
CVE-2007-3432 EXPLOITDB php WORKING POC
Pluxml 0.3.1 - Unauthenticated Arbitrary File Upload via admin/images.php
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
CVE-2007-0202 EXPLOITDB php WORKING POC
alex_guestbook 4.0.2 - SQL Injection via Lang Parameter
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
CVE-2007-0122 EXPLOITDB php WORKING POC
Coppermine Photo Gallery < 1.4.10 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
CVE-2006-5315 EXPLOITDB text WRITEUP
registroTL main.php - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter.
CVE-2007-5913 EXPLOITDB php WORKING POC
JBC Explorer < 7.20_rc1 - Unauthenticated Authentication Bypass via auth.php Parameter Manipulation
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
CVE-2007-1254 EXPLOITDB php WORKING POC
Connectix Boards < 0.7 - SQL Injection
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
CVE-2007-0986 EXPLOITDB text WORKING POC
Jupiter CMS 1.1.5 - Remote Code Execution via FTP URL in Index.php
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.
CVE-2006-6755 EXPLOITDB perl WORKING POC
ixprim_cms 1.2 - Information Disclosure via FCKeditor Plugin Path Exposure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
CVE-2006-4632 EXPLOITDB perl WORKING POC
SoftBB < 0.1 - SQL Injection via Groupe or Select Parameter
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
CVE-2006-4631 EXPLOITDB perl WORKING POC
SoftBB < 0.1 - Authenticated Direct Static Code Injection via cache_forum Parameter
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
CVE-2006-4585 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Authenticated SQL Injection via id2 Parameter
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
CVE-2006-4584 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Unauthenticated Authentication Bypass and Admin Account Creation via Admin Insert Endpoint
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
CVE-2007-1172 EXPLOITDB php WORKING POC
NukeSentinel < 2.5.05 - SQL Injection
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
CVE-2007-1171 EXPLOITDB php WORKING POC
NukeSentinel < 2.5.12 - SQL Injection
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
CVE-2009-2255 EXPLOITDB php WORKING POC
Zen Cart <= 1.3.8a - Unauthenticated Arbitrary File Upload via record_company_image Parameter
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVE-2006-4479 EXPLOITDB text WORKING POC
Visual Shapers ezContents 2.0.3 - Cross-Site Scripting via subgroupname Parameter
Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.
CVE-2007-0502 EXPLOITDB php WORKING POC
webSPELL 4.01.02 - SQL Injection via gallery.php picID Parameter
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
EIP-2026-113101 EXPLOITDB perl WORKING POC
Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection
EIP-2026-113365 EXPLOITDB php WORKING POC
webSPELL 4.01.02 - PHP Remote Code Execution
CVE-2006-4478 EXPLOITDB text WORKING POC
Visual Shapers ezContents 2.0.3 - SQL Injection via Groupname Parameter
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.
CVE-2006-3385 EXPLOITDB text WORKING POC
Vincent Leclercq News 5.2 - Cross-Site Scripting via divers.php id and disabled Parameters
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
CVE-2006-4586 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Privilege Escalation
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.