Dj7xpl

47 exploits, active since May 2005
CVE-2007-2182 EXPLOITDB text WORKING POC
Maran Php Forum - Unrestricted File Upload
Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.
CVE-2007-2146 EXPLOITDB perl WORKING POC
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3272 EXPLOITDB php WORKING POC
Minibb - Path Traversal
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.
CVE-2007-2643 EXPLOITDB text WORKING POC
PinkCrow Designs Gallery/maGAZIn 2.0 - Path Traversal
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
CVE-2007-2184 EXPLOITDB text WORKING POC
Jchit Counter - Path Traversal
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
CVE-2007-2158 EXPLOITDB text WORKING POC
jGallery 1.3 - RCE
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
CVE-2007-1795 EXPLOITDB text WORKING POC
JCcorp URLshrink 1.3.1 - RCE
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1998 EXPLOITDB text WORKING POC
HIOX Guest Book <4.0 - Code Injection
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
CVE-2006-5612 EXPLOITDB text WORKING POC
Michel Pradel Gestart - Code Injection
PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.
CVE-2005-1237 EXPLOITDB text WORKING POC
FlexPHPNews 0.0.3 - SQL Injection
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2007-1394 EXPLOITDB text WORKING POC
Flat Chat 2.0 - Code Injection
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
CVE-2007-3403 EXPLOITDB php WORKING POC
Dreamlog - Unrestricted File Upload
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
CVE-2007-1525 EXPLOITDB html WORKING POC
Dayfox Blog <4 - Code Injection
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
CVE-2007-1480 EXPLOITDB text WORKING POC
Creative Guestbook - Authentication Bypass
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
CVE-2007-2154 EXPLOITDB text WORKING POC
Cabron Connector 1.1.0 - RCE
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
CVE-2007-2094 EXPLOITDB text WORKING POC
Anthologia 0.5.2 - RCE
PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.
CVE-2007-3630 EXPLOITDB php WORKING POC
AV Tutorial Script <1.0 - RCE
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
CVE-2007-2574 EXPLOITDB text WORKING POC
Archangel Weblog 0.90.02 - Path Traversal
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
CVE-2007-2168 EXPLOITDB html WORKING POC
AimStats <3.2 - Code Injection
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2507 EXPLOITDB text WORKING POC
Treble Designs 1024 CMS 0.7 - Path Traversal
Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.
EIP-2026-103609 EXPLOITDB html WORKING POC
Opera 9.10 - 'alert()' Remote Denial of Service
CVE-2007-2486 EXPLOITDB text WORKING POC
Motobit <1.3,1.5 - Path Traversal
Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.