Dj7xpl

47 exploits. Active since May 2005
CVE-2007-2182 EXPLOITDB text WORKING POC
Maran PHP Forum - Unauthenticated Arbitrary File Upload via Trailing Null Byte in Filename
Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.
CVE-2007-2146 EXPLOITDB perl WORKING POC
MiniGal b13 - Remote Code Execution via Name or Email Parameter
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3272 EXPLOITDB php WORKING POC
MiniBB 2.0.5 - Directory Traversal via Language Parameter
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.
CVE-2007-2643 EXPLOITDB text WORKING POC
PinkCrow Designs Gallery/maGAZIn 2.0 - Path Traversal
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
CVE-2007-2184 EXPLOITDB text WORKING POC
jchit counter 1.0.0 - Directory Traversal via imgsrv.php acc Parameter
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
CVE-2007-2158 EXPLOITDB text WORKING POC
jGallery 1.3 - Remote Code Execution
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
CVE-2007-1795 EXPLOITDB text WORKING POC
JCcorp URLshrink 1.3.1 - Remote Code Execution via Email Address Field
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1998 EXPLOITDB text WORKING POC
HIOX Guest Book <4.0 - Code Injection
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
CVE-2006-5612 EXPLOITDB text WORKING POC
GestArt beta 1 - Remote Code Execution via aide Parameter
PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.
CVE-2005-1237 EXPLOITDB text WORKING POC
FlexPHPNews < 0.0.3 - SQL Injection via newsid Parameter
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2007-1394 EXPLOITDB text WORKING POC
Flat Chat 2.0 - Remote Code Execution via Chat Name Field
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
CVE-2007-3403 EXPLOITDB php WORKING POC
dreamlog 0.5 - Unauthenticated Arbitrary File Upload via upload.php uploadedFile Parameter
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
CVE-2007-1525 EXPLOITDB html WORKING POC
Dayfox Blog 4 - Remote Code Execution via Cat Parameter
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
CVE-2007-1480 EXPLOITDB text WORKING POC
Creative Guestbook 1.0 - Unauthenticated Administrative Account Creation via Direct Request
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
CVE-2007-2154 EXPLOITDB text WORKING POC
cabron_connector < 1.1.0 - Remote File Inclusion via CabronServiceFolder Parameter
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
CVE-2007-2094 EXPLOITDB text WORKING POC
Anthologia 0.5.2 - Remote File Inclusion via ads_file Parameter
PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.
CVE-2007-3630 EXPLOITDB php WORKING POC
AV Tutorial Script 1.0 - Unauthenticated Arbitrary Password Change via changePW.php
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
CVE-2007-2574 EXPLOITDB text WORKING POC
Archangel Weblog 0.90.02 - Path Traversal
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
CVE-2007-2168 EXPLOITDB html WORKING POC
aimstats < 3.2 - Remote Code Execution via Database Host Parameter
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2507 EXPLOITDB text WORKING POC
Treble Designs 1024 CMS 0.7 - Path Traversal
Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.
EIP-2026-103609 EXPLOITDB html WORKING POC
Opera 9.10 - 'alert()' Remote Denial of Service
CVE-2007-2486 EXPLOITDB text WORKING POC
Motobit 1.3 and 1.5 - Directory Traversal via File Parameter
Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.