Inphex

18 exploits Active since Mar 2007
CVE-2008-5577 EXPLOITDB ruby WORKING POC
scssboard 1.0-1.12 - Remote Code Execution via index.php inc_function Parameter
PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.
CVE-2008-5576 EXPLOITDB ruby WORKING POC
scssboard 1.0-1.12 - Unauthenticated Authentication Bypass via current_user[users_level] Parameter
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
CVE-2008-1539 EXPLOITDB perl WORKING POC
PHP-Nuke Platinum 7.6.b.5 - SQL Injection
SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.
EIP-2026-118176 EXPLOITDB php WORKING POC
XAMPP for Windows 1.6.3a - Local Privilege Escalation
CVE-2007-4441 EXPLOITDB php WORKING POC
PHP < 5.2.0 - Buffer Overflow in win32std Extension via win_browse_file Function
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
CVE-2007-4255 EXPLOITDB php WORKING POC
PHP 5.2.3 - Buffer Overflow via msql_connect Function
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
CVE-2007-1413 EXPLOITDB php WORKING POC
PHP < 5.2.3 - Buffer Overflow in SNMP Extension via snmpget Function
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
EIP-2026-114552 EXPLOITDB perl WORKING POC
YouTube Clone Script - 'spages.php' Remote Code Execution
CVE-2008-5578 EXPLOITDB ruby WORKING POC
scssboard 1.0-1.12 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.
CVE-2008-3239 EXPLOITDB perl WORKING POC
phpizabi 0.848b C1 HFP1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via writeLogEntry Function
Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.
CVE-2008-1680 EXPLOITDB perl WORKING POC
PHP-Nuke Platinum 7.6.b.5 - Info Disclosure
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
EIP-2026-110020 EXPLOITDB perl WORKING POC
ODFaq 2.1.0 - Blind SQL Injection
CVE-2008-6653 EXPLOITDB perl WORKING POC
com_webhosting < 1.1 - SQL Injection via catid Parameter
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-0802 EXPLOITDB perl WORKING POC
MediaSlide (com_mediaslide) 0.5 - SQL Injection via albumnum Parameter
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
CVE-2008-1559 EXPLOITDB perl WORKING POC
Joomla! com_alphacontent 2.5.8 - SQL Injection
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
EIP-2026-107320 EXPLOITDB perl WORKING POC
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution
EIP-2026-107321 EXPLOITDB php WORKING POC
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution
EIP-2026-106165 EXPLOITDB perl WORKING POC
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation