DeltahackingTEAM

36 exploits Active since Aug 2006
CVE-2006-6202 EXPLOITDB perl WORKING POC
NukeAI 0.0.3 Beta - Remote File Inclusion via AIbasedir Parameter
PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke (aka Program E, an AIML chatterbot) allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.
CVE-2008-4926 EXPLOITDB html WORKING POC
MW6 Technologies PDF417 <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4925 EXPLOITDB html WORKING POC
MW6 Technologies DataMatrix ActiveX control <3.0.0.1 - RCE
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4924 EXPLOITDB html WORKING POC
MW6 Technologies 1D Barcode ActiveX control <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4923 EXPLOITDB html WORKING POC
MW6 Technologies Aztec ActiveX control - File Overwrite
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2007-4254 EXPLOITDB text WORKING POC
Microsoft Visual Database Tools <7.0 - Buffer Overflow
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
EIP-2026-116537 EXPLOITDB perl WORKING POC
Winamp 5.33 - '.avi' Remote Denial of Service
CVE-2007-3958 EXPLOITDB perl WORKING POC
Microsoft Windows Explorer - Denial of Service via GIF File
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
CVE-2006-4301 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6.0 SP1 - DoS via Long Color Attribute in DirectX Media Image Transforms
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
CVE-2007-3162 EXPLOITDB html WORKING POC
Internet Download Accelerator 5.2 - Buffer Overflow via idaiehlp ActiveX Control
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
CVE-2008-5045 EXPLOITDB perl WORKING POC
Network-Client FTP Now 2.6 - Denial of Service via 1024-Character 200 Server Response
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
CVE-2006-6823 EXPLOITDB perl WORKING POC
Yrch! 1.0 - Remote File Inclusion via Path Parameter
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-6575 EXPLOITDB perl WORKING POC
Brian Drawert Yaplap <0.6-0.6.1 - RCE
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter.
CVE-2006-6586 EXPLOITDB text WORKING POC
vBlog a0.1_nonfunc - Remote File Inclusion via cfgProgDir Parameter
Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/.
CVE-2006-5760 EXPLOITDB text WORKING POC
phpDynaSite < 3.2.2 - Remote File Inclusion via racine Parameter
Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php.
CVE-2007-0499 EXPLOITDB perl WORKING POC
phpIndexPage <= 1.0.1 - Remote Code Execution via env[inc_path] Parameter
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
CVE-2006-6255 EXPLOITDB perl WORKING POC
NukeAI 0.0.3 Beta - Unauthenticated Arbitrary PHP Code Execution via Filename and Moreinfo Parameters
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke (aka Program E, an AIML chatterbot) allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter; the code is saved to a file under descriptions/, which is accessible via a direct request.
CVE-2006-6213 EXPLOITDB text WORKING POC
PEGames - Remote File Inclusion via index.php abs_url Parameter
index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.
CVE-2006-6150 EXPLOITDB text WORKING POC
OWLLib 1.0 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.
CVE-2007-2947 EXPLOITDB text WORKING POC
OpenBASE Alpha 0.6 - Remote File Inclusion via root_prefix Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
CVE-2007-0501 EXPLOITDB perl WORKING POC
Mafia Scum Tools < 2.0.0 - Remote Code Execution via gen Parameter
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
CVE-2006-5849 EXPLOITDB text WORKING POC
IrayoBlog alpha-0.2.4 - Remote File Inclusion via irayodirhack Parameter
PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
CVE-2006-6526 EXPLOITDB python WORKING POC
Gizzar < 2002-16-03 - Remote File Inclusion via basePath Parameter
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-2891 EXPLOITDB text WORKING POC
FirmWorX 0.1.2 - Remote File Inclusion via bank_data[root] or fm_data[root] Parameter
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
CVE-2006-6086 EXPLOITDB python WORKING POC
e-Ark 1.0 - Remote Code Execution via cfg_pear_path Parameter
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.