EgiX

135 exploits Active since Feb 2005
CVE-2009-3844 EXPLOITDB ruby WORKING POC
HP Openview Data Protector Applicatio... - Memory Corruption
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
CVE-2007-2280 EXPLOITDB ruby WORKING POC
HP Openview Storage Data Protector - Memory Corruption
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
CVE-2008-4453 EXPLOITDB html WORKING POC
Dspicture Light Imaging Toolkit - Access Control
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVE-2007-6623 EXPLOITDB php WORKING POC
ZeusCMS <0.3 - Path Traversal
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2011-4825 EXPLOITDB php WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-114292 EXPLOITDB php WORKING POC
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
CVE-2012-5318 EXPLOITDB php WORKING POC
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2011-4449 EXPLOITDB ruby WORKING POC
WikkaWiki 1.3.1-1.3.2 - RCE
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2011-4452 EXPLOITDB text WRITEUP
Wikkawiki - CSRF
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
CVE-2012-5223 EXPLOITDB ruby WORKING POC
vBSEO <3.6.0 - RCE
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
CVE-2013-3528 EXPLOITDB text WRITEUP
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
CVE-2012-1496 EXPLOITDB HIGH php WORKING POC
Webcalendar < 1.2.5 - Injection
Local file inclusion in WebCalendar before 1.2.5.
CVSS 8.8
CVE-2013-3215 EXPLOITDB CRITICAL text WRITEUP
vtiger CRM <5.4.0 - Auth Bypass
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS 9.8
CVE-2019-17132 EXPLOITDB CRITICAL php WORKING POC
Vbulletin < 5.5.4 - Code Injection
vBulletin through 5.5.4 mishandles custom avatars.
CVSS 9.8
CVE-2011-4558 EXPLOITDB HIGH text WRITEUP
Tiki < 8.2 - Injection
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS 7.2
CVE-2012-0911 EXPLOITDB CRITICAL php WORKING POC
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 9.8
CVE-2012-3996 EXPLOITDB ruby WORKING POC
Tikiwiki Cms/groupware < 8.2 - Information Disclosure
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2009-1911 EXPLOITDB php WORKING POC
QuiXplorer <2.3.2 - Path Traversal
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
CVE-2012-0694 EXPLOITDB CRITICAL php WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2011-5075 EXPLOITDB php WORKING POC
SiT! <3.65 - Info Disclosure
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2008-0129 EXPLOITDB php WORKING POC
Siteatschool < 2.3.10 - SQL Injection
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
EIP-2026-112182 EXPLOITDB php WORKING POC
Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload
EIP-2026-111795 EXPLOITDB php WORKING POC
RoSPORA 1.5.0 - Remote PHP Code Injection
EIP-2026-111960 EXPLOITDB text WORKING POC
Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload