Dj7xpl

47 exploits, active since May 2005
CVE-2005-2412 EXPLOITDB html WORKING POC
PHP FirstPost - RCE
PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.
CVE-2007-1479 EXPLOITDB text WORKING POC
Creative Guestbook - XSS
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2008-0245 EXPLOITDB php WORKING POC
Uploadscript Uploadimage - Access Control
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2007-2167 EXPLOITDB html WORKING POC
AimStats 3.2 - Code Injection
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.
CVE-2007-2145 EXPLOITDB perl WORKING POC
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-0944 EXPLOITDB text WORKING POC
Archangel Weblog 0.90.02 - Auth Bypass
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
EIP-2026-115998 EXPLOITDB perl WORKING POC
Opera 10.10 - Remote Code Execution Denial of Service
CVE-2007-2157 EXPLOITDB text WORKING POC
Zomplog - Path Traversal
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
EIP-2026-114509 EXPLOITDB php WORKING POC
YaPiG 0.95b - Remote Code Execution
CVE-2007-1487 EXPLOITDB text WORKING POC
Cyber Inside Weblog - Path Traversal
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
CVE-2008-0246 EXPLOITDB php WORKING POC
Uploadscript Uploadimage - Access Control
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2007-2715 EXPLOITDB php WORKING POC
Snaps! Gallery 1.4.4 - Auth Bypass
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
CVE-2007-2642 EXPLOITDB text WRITEUP
R2K Gallery 1.7 - Path Traversal
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
CVE-2007-1937 EXPLOITDB python WORKING POC
Scorp Book 1.0 - RCE
PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
CVE-2007-2050 EXPLOITDB text WRITEUP
Ricargbook - Path Traversal
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
EIP-2026-111563 EXPLOITDB php WORKING POC
psipuss 1.0 - 'editusers.php' Remote Change Admin Password
CVE-2007-1908 EXPLOITDB text WRITEUP
PHP121 Instant Messenger 2.2 - RCE
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
CVE-2007-4934 EXPLOITDB text WORKING POC
Phpffl - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
CVE-2007-2183 EXPLOITDB text WORKING POC
Php-ring Webring System - SQL Injection
SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
CVE-2007-2665 EXPLOITDB html WORKING POC
PhpFirstPost <0.1 - RCE
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
CVE-2007-1933 EXPLOITDB text WRITEUP
Dreamcodes Pcp-guestbook - Path Traversal
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.
CVE-2007-2169 EXPLOITDB text WRITEUP
Mozzers SubSystem 1.0 - Code Injection
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php.
CVE-2007-2647 EXPLOITDB php WORKING POC
Monalbum 0.8.7 - Code Injection
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.
CVE-2007-2899 EXPLOITDB php WORKING POC
NavBoard 2.6.0 - Code Injection
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
CVE-2007-5050 EXPLOITDB text WORKING POC
Neuron News - Path Traversal
Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter.