EgiX

136 exploits Active since Feb 2005
CVE-2013-1453 EXPLOITDB text WRITEUP
Joomla! 2.5.x-3.0.2 - PHP Object Injection via Highlight Parameter
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
CVE-2013-3242 EXPLOITDB text WRITEUP
Joomla! <2.5.10-3.0.4 - Code Injection
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
CVE-2012-5692 EXPLOITDB php WORKING POC
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
EIP-2026-108034 EXPLOITDB php WORKING POC
JAKCMS PRO 2.2.5 - Arbitrary File Upload
CVE-2011-5147 EXPLOITDB text WORKING POC
FreeWebshop < 2.2.9 - Remote Code Execution via Ajax File Manager
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
EIP-2026-107066 EXPLOITDB php WORKING POC
Feed on Feeds 0.5 - Remote PHP Code Injection
EIP-2026-106782 EXPLOITDB text WORKING POC
eFront 3.6.10 (build 11944) - Multiple Vulnerabilities
CVE-2007-6543 EXPLOITDB text WORKING POC
eSyndiCat Link Exchange Script - SQL Injection
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2686 EXPLOITDB php WORKING POC
Flux CMS < 1.50 - Remote Code Execution via XML Parameter File Overwrite
webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.
CVE-2008-6490 EXPLOITDB php WORKING POC
FLABER < 1.1 - Arbitrary File Write via update_xml.php target_file Parameter
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php.
CVE-2008-2195 EXPLOITDB php WORKING POC
deluxebb < 1.1 - Authenticated PHP Code Injection via admincp.php URI
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
CVE-2008-6475 EXPLOITDB php WORKING POC
Drake CMS < 0.2.2.846 - SQL Injection via HTTP_VIA Header
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
EIP-2026-106530 EXPLOITDB php WORKING POC
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
EIP-2026-106509 EXPLOITDB php WORKING POC
Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection
CVE-2008-7154 EXPLOITDB php WORKING POC
Docebo < 3.5.0.3 - Unauthenticated Sensitive Information Exposure via Direct Request
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.
CVE-2008-7153 EXPLOITDB php WORKING POC
Docebo < 3.5.0.3 - SQL Injection via Accept-Language HTTP Header
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2013-7387 EXPLOITDB text WRITEUP
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
CVE-2007-6656 EXPLOITDB text WORKING POC
CMS Made Simple <1.2.2 - SQL Injection
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2013-1465 EXPLOITDB CRITICAL text WRITEUP
CubeCart 5.0.0-5.2.0 - Remote Code Execution via Unserialization in Shipping Parameter
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
CVSS 9.8
CVE-2008-3486 EXPLOITDB php WORKING POC
Coppermine Photo Gallery <1.4.18 - Path Traversal
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
EIP-2026-106039 EXPLOITDB php WORKING POC
cmsWorks 2.2 RC4 - 'FCKeditor' Arbitrary File Upload
CVE-2008-2267 EXPLOITDB php WORKING POC
CMS Made Simple <= 1.2.4 - Remote Code Execution via File Upload Bypass
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
EIP-2026-105969 EXPLOITDB php WORKING POC
CMS from Scratch 1.1.3 - 'FCKeditor' Arbitrary File Upload
CVE-2011-4825 EXPLOITDB text WRITEUP
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2012-1153 EXPLOITDB php WORKING POC
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.