EgiX

136 exploits Active since Feb 2005
CVE-2009-3844 EXPLOITDB ruby WORKING POC
HP OpenView Data Protector 5.50/6.0 - Remote Code Execution via MSG_PROTOCOL Packet
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
CVE-2009-3844 EXPLOITDB ruby WORKING POC
HP OpenView Data Protector 5.50/6.0 - Remote Code Execution via MSG_PROTOCOL Packet
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
CVE-2007-2280 EXPLOITDB ruby WORKING POC
HP OpenView Storage Data Protector 5.50 and 6.0 - Remote Code Execution via MSG_PROTOCOL Command
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
CVE-2008-4453 EXPLOITDB html WORKING POC
GdPicture Light Imaging Toolkit and Pro Imaging SDK - Arbitrary File Write via SaveAsPDF Method
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVE-2007-6623 EXPLOITDB php WORKING POC
ZeusCMS < 0.3 - Path Traversal via Dir Parameter
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2011-4825 EXPLOITDB php WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-114292 EXPLOITDB php WORKING POC
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
CVE-2012-5318 EXPLOITDB php WORKING POC
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2011-4449 EXPLOITDB ruby WORKING POC
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2011-4452 EXPLOITDB text WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - Cross-Site Request Forgery in AdminUsers Component
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
CVE-2012-5223 EXPLOITDB ruby WORKING POC
vBSEO < 3.6.0 - Remote Code Execution via char_repl Parameter
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
CVE-2013-3528 EXPLOITDB text WRITEUP
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
CVE-2012-1496 EXPLOITDB HIGH php WORKING POC
WebCalendar < 1.2.5 - Local File Inclusion
Local file inclusion in WebCalendar before 1.2.5.
CVSS 8.8
CVE-2013-3215 EXPLOITDB CRITICAL text WRITEUP
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS 9.8
CVE-2019-17132 EXPLOITDB CRITICAL php WORKING POC
vBulletin <= 5.5.4 - Remote Code Execution via Custom Avatar Handling
vBulletin through 5.5.4 mishandles custom avatars.
CVSS 9.8
CVE-2012-0911 EXPLOITDB CRITICAL php WORKING POC
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 9.8
CVE-2011-4558 EXPLOITDB HIGH text WRITEUP
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS 7.2
CVE-2012-3996 EXPLOITDB ruby WORKING POC
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2009-1911 EXPLOITDB php WORKING POC
TinyWebGallery <= 1.7.6 - Remote File Inclusion via Lang Parameter
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
CVE-2012-0694 EXPLOITDB CRITICAL php WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2011-5075 EXPLOITDB php WORKING POC
Support Incident Tracker 3.45-3.65 - Information Disclosure via translate.php save action
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2008-0129 EXPLOITDB php WORKING POC
Siteatschool < 2.3.10 - SQL Injection
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
EIP-2026-112182 EXPLOITDB php WORKING POC
Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload
EIP-2026-111795 EXPLOITDB php WORKING POC
RoSPORA 1.5.0 - Remote PHP Code Injection