DarkFig

81 exploits Active since Mar 2006
CVE-2006-4586 EXPLOITDB perl WORKING POC
Tr Forum 2.0 - Privilege Escalation
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
CVE-2007-0093 EXPLOITDB php WORKING POC
Simple Web Content Management System - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3381 EXPLOITDB perl WORKING POC
SturGeoN Upload - Unauthenticated Arbitrary PHP Code Execution via File Upload
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
CVE-2006-4633 EXPLOITDB perl WORKING POC
SoftBB < 0.1 - Path Disclosure via Invalid page[] Parameter
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
EIP-2026-112128 EXPLOITDB text WRITEUP
Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities
CVE-2006-0940 EXPLOITDB perl WORKING POC
ShoutLIVE 1.1.0 - Remote Code Execution via settings.php Variable Injection
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
CVE-2006-5316 EXPLOITDB text WRITEUP
registroTL - Unauthenticated Sensitive Information Exposure via Direct Database Download
registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.
CVE-2007-3542 EXPLOITDB php WORKING POC
Pluxml 0.3.1 - Cross-Site Scripting via msg Parameter in admin/auth.php
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
EIP-2026-111580 EXPLOITDB php WORKING POC
PunBB 1.2.14 - Remote Code Execution
CVE-2009-0517 EXPLOITDB php WORKING POC
phpslash <= 0.8.1.1 - Remote Code Execution via Fields Parameter
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
EIP-2026-110954 EXPLOITDB perl WORKING POC
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
EIP-2026-110757 EXPLOITDB text WORKING POC
PHP Security Framework - Multiple Input Validation Vulnerabilities
CVE-2007-5125 EXPLOITDB php WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1171. Reason: This candidate is a duplicate of CVE-2007-1171. Notes: All CVE users should reference CVE-2007-1171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EIP-2026-109968 EXPLOITDB text WORKING POC
NPDS 5.10 - Multiple Input Validation Vulnerabilities
CVE-2007-2556 EXPLOITDB php WORKING POC
Nuked-klaN 1.7.6 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
CVE-2007-1493 EXPLOITDB php WORKING POC
NukeSentinel <2.5.06 - SQL Injection
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
CVE-2007-1493 EXPLOITDB php WORKING POC
NukeSentinel <2.5.06 - SQL Injection
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
CVE-2006-6280 EXPLOITDB php WORKING POC
Oxygen O2PHP BB <1.1.3 - SQL Injection
SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572.
CVE-2007-1635 EXPLOITDB php WORKING POC
Net Portal Dynamic System <5.10 - Code Injection
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
CVE-2007-1963 EXPLOITDB php WORKING POC
MyBB < 1.2.3 - SQL Injection via Client-IP HTTP Header
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
CVE-2007-0972 EXPLOITDB php WORKING POC
Jupiter CMS 1.1.5 - Unauthenticated Arbitrary File Upload via Emoticons Module
Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.
CVE-2007-0971 EXPLOITDB php WORKING POC
Jupiter CMS 1.1.5 - SQL Injection via HTTP Headers
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.
CVE-2007-0987 EXPLOITDB text WORKING POC
Jupiter CMS <1.1.5 - Path Traversal
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.
CVE-2007-5914 EXPLOITDB php WORKING POC
JBC Explorer <7.20 RC1 - Code Injection
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
CVE-2006-5318 EXPLOITDB text WRITEUP
Nayco JASmine - Remote File Inclusion via Section Parameter
PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.