GulfTech Security

165 exploits, active since Mar 2004
CVE-2005-1202 EXPLOITDB text WRITEUP
eGroupware <1.0.0.007 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
EIP-2026-106988 EXPLOITDB text WORKING POC
eyeOS 0.8.x - Session Remote Command Execution
CVE-2005-1203 EXPLOITDB text WRITEUP
eGroupware <1.0.0.007 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
CVE-2005-0887 EXPLOITDB text WORKING POC
Double Choco Latte <0.9.4.3 - Code Injection
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
EIP-2026-106661 EXPLOITDB text WRITEUP
e107 < 0.7.11 - Arbitrary Variable Overwriting
EIP-2026-106328 EXPLOITDB text WRITEUP
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities
CVE-2006-0650 EXPLOITDB text WRITEUP
Cpaint - XSS
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
CVE-2006-4525 EXPLOITDB text WRITEUP
Devellion Cubecart < 3.0.12 - XSS
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
CVE-2008-6394 EXPLOITDB text WRITEUP
Cs-cart < 1.3.5 - SQL Injection
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
CVE-2008-3845 EXPLOITDB text WRITEUP
Crafty Syntax Live Help <2.14.6 - SQL Injection
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
CVE-2006-4844 EXPLOITDB text WRITEUP
Claroline <1.7.7 - RCE
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
CVE-2006-5031 EXPLOITDB text WRITEUP
CakePHP <1.1.8.3544 - Path Traversal
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
CVE-2005-1642 EXPLOITDB text WRITEUP
Woltlab Burning Board - SQL Injection
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
CVE-2005-1200 EXPLOITDB text WRITEUP
AZ Bulletin Board <1.0.07c - RCE
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
EIP-2026-105322 EXPLOITDB text WRITEUP
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
EIP-2026-104882 EXPLOITDB text WRITEUP
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
CVE-2008-5090 EXPLOITDB text WRITEUP
Anelectron Advanced Electron Forum < 1.0.6 - Code Injection
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
CVE-2006-0806 EXPLOITDB text WRITEUP
John LIM Adodb - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
EIP-2026-104628 EXPLOITDB text WRITEUP
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
EIP-2026-104259 EXPLOITDB text WRITEUP
FTP Service < 1.2 - Multiple Vulnerabilities
EIP-2026-104493 EXPLOITDB text WRITEUP
WinMX < 2.6 - Design Error
EIP-2026-104441 EXPLOITDB text WRITEUP
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
EIP-2026-104395 EXPLOITDB text WORKING POC
phpLinks < 2.1.2 - Multiple Vulnerabilities