DarkFig

CVE-2006-4601 EXPLOITDB perl WORKING POC

Annuaire 1Two 2.2 - SQL Injection via id Parameter

SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2006-5320 EXPLOITDB text WRITEUP

Album Photo Sans Nom 1.6 - Directory Traversal via getimg.php img Parameter

Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.

View Code

CVE-2007-0205 EXPLOITDB php WORKING POC

@lex Guestbook 4.0.2 - Path Traversal via admin/skins.php Parameters

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

View Code

EIP-2026-103593 EXPLOITDB perl WORKING POC

Net Portal Dynamic System 5.0 - Register Users Denial of Service

View Code

EIP-2026-103237 EXPLOITDB php WORKING POC

VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution

View Code

CVE-2008-0403 EXPLOITDB text WRITEUP

Belkin F5D9230-4 - Unauthenticated Configuration Access via SaveCfgFile.cgi

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

View Code