EgiX

136 exploits Active since Feb 2005
EIP-2026-111960 EXPLOITDB text WORKING POC
Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload
CVE-2007-6550 EXPLOITDB php WORKING POC
PMOS Help Desk <2.4 - Code Injection
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
CVE-2011-4453 EXPLOITDB ruby WORKING POC
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2011-4453 EXPLOITDB php WORKING POC
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2008-4645 EXPLOITDB php WORKING POC
phpwebgallery <= 1.7.2 - Authenticated Remote Code Execution via Event Tracer Sort Parameter
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
CVE-2007-5453 EXPLOITDB php WORKING POC
Php-Stats 0.1.9.2 - Authenticated Remote Code Execution via Eval Injection in Admin Options
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
CVE-2009-0820 EXPLOITDB php WORKING POC
phpScheduleIt <1.2.11 - Code Injection
Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.
CVE-2008-6132 EXPLOITDB ruby WORKING POC
phpScheduleIt <1.2.10 - Code Injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2011-4825 EXPLOITDB php WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2008-3118 EXPLOITDB php WORKING POC
phpmotion < 2.0 - SQL Injection via vid Parameter
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.
CVE-2011-4075 EXPLOITDB ruby WORKING POC
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2011-4075 EXPLOITDB php WORKING POC
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
EIP-2026-111084 EXPLOITDB php WORKING POC
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
CVE-2012-1300 EXPLOITDB php WORKING POC
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution
CVE-2008-5968 EXPLOITDB php WORKING POC
PHP iCalendar <2.24 - Path Traversal
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
CVE-2012-1002 EXPLOITDB php WORKING POC
OpenConf < 4.12 - SQL Injection via Author Edit PID Parameter
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-6178 EXPLOITDB php WORKING POC
FCKeditor 2.2 - Remote Code Execution via ZIP File Upload
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
CVE-2008-1856 EXPLOITDB php WORKING POC
LinPHA <= 1.3.3 - Unauthenticated Directory Traversal and Arbitrary File Execution via Maps Configuration
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
CVE-2008-6632 EXPLOITDB php WORKING POC
MercuryBoard <= 1.1.5 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
CVE-2008-4687 EXPLOITDB text WORKING POC
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
CVE-2011-4825 EXPLOITDB ruby WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2007-4053 EXPLOITDB php WORKING POC
LinPHA < 1.3.1 - SQL Injection via Order Parameter
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
CVE-2007-5156 EXPLOITDB text WORKING POC
FCKeditor - Remote Code Execution via File Upload
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
EIP-2026-109128 EXPLOITDB php WORKING POC
LightBlog 9.9.2 - 'register.php' Remote Code Execution
EIP-2026-109064 EXPLOITDB php WORKING POC
Lanius CMS 0.5.2 - Arbitrary File Upload