DeltahackingTEAM

36 exploits Active since Aug 2006
CVE-2006-6202 EXPLOITDB perl WORKING POC
PHP-Nuke <0.0.3 - RCE
PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.
CVE-2008-4926 EXPLOITDB html WORKING POC
MW6 Technologies PDF417 <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4925 EXPLOITDB html WORKING POC
MW6 Technologies DataMatrix ActiveX control <3.0.0.1 - RCE
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4924 EXPLOITDB html WORKING POC
MW6 Technologies 1D Barcode ActiveX control <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4923 EXPLOITDB html WORKING POC
MW6 Technologies Aztec ActiveX control - File Overwrite
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2007-4254 EXPLOITDB text WORKING POC
Microsoft Visual Database Tools <7.0 - Buffer Overflow
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
EIP-2026-116537 EXPLOITDB perl WORKING POC
Winamp 5.33 - '.avi' Remote Denial of Service
CVE-2007-3958 EXPLOITDB perl WORKING POC
Microsoft Internet Explorer - Denial of Service
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
CVE-2006-4301 EXPLOITDB html WORKING POC
Microsoft IE - Improper Input Validation
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
CVE-2007-3162 EXPLOITDB html WORKING POC
Westbyte Internet Download Accelerator - Buffer Overflow
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
CVE-2008-5045 EXPLOITDB perl WORKING POC
Network-client.com FTP Now - Memory Corruption
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
CVE-2006-6823 EXPLOITDB perl WORKING POC
Yrch! 1.0 - RCE
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-6575 EXPLOITDB perl WORKING POC
Brian Drawert Yaplap <0.6-0.6.1 - RCE
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter.
CVE-2006-6586 EXPLOITDB text WORKING POC
Vortex Blog a0.1_nonfunc - RCE
Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/.
CVE-2006-5760 EXPLOITDB text WORKING POC
phpDynaSite <3.2.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php.
CVE-2007-0499 EXPLOITDB perl WORKING POC
Sangwan KIM Phpindexpage < 1.0.1 - Code Injection
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
CVE-2006-6255 EXPLOITDB perl WORKING POC
NukeAI 0.0.3 Beta - Code Injection
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.
CVE-2006-6213 EXPLOITDB text WORKING POC
PEGames - RCE
index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.
CVE-2006-6150 EXPLOITDB text WORKING POC
PHP - RCE
PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.
CVE-2007-2947 EXPLOITDB text WORKING POC
OpenBASE Alpha 0.6 - RCE
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
CVE-2007-0501 EXPLOITDB perl WORKING POC
Mafia Scum Tools < 2.0.0 - Code Injection
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
CVE-2006-5849 EXPLOITDB text WORKING POC
IrayoBlog alpha-0.2.4 - RCE
PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
CVE-2006-6526 EXPLOITDB python WORKING POC
Gizzar <03162002 - RCE
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-2891 EXPLOITDB text WORKING POC
FirmWorX 0.1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
CVE-2006-6086 EXPLOITDB python WORKING POC
E-ark - Code Injection
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.