GulfTech Security

165 exploits Active since Mar 2004
CVE-2008-7091 EXPLOITDB text WRITEUP
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2008-7091 EXPLOITDB perl WORKING POC
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2008-3563 EXPLOITDB text WRITEUP
Plogger <= 3.0 - SQL Injection via checked Parameter
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
CVE-2004-1655 EXPLOITDB text WRITEUP
phpwebsite 0.9.3-4 - Cross-Site Scripting via Comments Module CM_pid Parameter or Notes Module Fields
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
CVE-2004-2364 EXPLOITDB text WRITEUP
PHPX 3.0-3.2.6 - Cross-Site Request Forgery via Admin URL Execution
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
CVE-2005-1921 EXPLOITDB text WORKING POC
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2004-1384 EXPLOITDB text WRITEUP
phpGroupWare <= 0.9.16.003 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
CVE-2004-1385 EXPLOITDB text WRITEUP
phpGroupWare <0.9.16.003 - Info Disclosure
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
EIP-2026-111014 EXPLOITDB text WRITEUP
phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
CVE-2004-1384 EXPLOITDB text WRITEUP
phpGroupWare <= 0.9.16.003 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
EIP-2026-110974 EXPLOITDB text WRITEUP
phpBB < 2.0.7a - Multiple Vulnerabilities
CVE-2005-1378 EXPLOITDB text WORKING POC
phpbb_personal_notes_module < 1.4.6 - SQL Injection via p Parameter
SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.
CVE-2004-1383 EXPLOITDB text WRITEUP
phpGroupWare 0.9.16.003 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
EIP-2026-111005 EXPLOITDB text WRITEUP
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
EIP-2026-111206 EXPLOITDB text WRITEUP
phpShop < 0.6.1-b - Multiple Vulnerabilities
CVE-2006-1032 EXPLOITDB text WORKING POC
phpRPC <= 0.7 - Remote Code Execution via Base64 Tag in RPC Decoder
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
EIP-2026-110973 EXPLOITDB text WRITEUP
phpBB < 2.0.6d - Cross Site Scripting
EIP-2026-111066 EXPLOITDB text WRITEUP
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
CVE-2006-0887 EXPLOITDB text WRITEUP
PHPLib < 7.4a - Remote Code Execution via Base64-Encoded Cookie
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
EIP-2026-110609 EXPLOITDB text WRITEUP
Phorum < 5.0.3 Beta - Cross Site Scripting
CVE-2004-1870 EXPLOITDB text WRITEUP
PhotoPost PHP Pro 4.6.x - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
EIP-2026-110533 EXPLOITDB text WORKING POC
PEAR XML_RPC < 1.3.0 - Remote Code Execution
CVE-2005-0273 EXPLOITDB text WRITEUP
PhotoPost PHP Pro < 4.85 - SQL Injection via cat or ppuser Parameter
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
EIP-2026-110622 EXPLOITDB text WRITEUP
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
CVE-2008-3764 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - Code Injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.