JIKO

41 exploits, active since Jun 2005
CVE-2008-1866 EXPLOITDB WORKING POC
PixelMotion Blog - Authenticated PHP ZIP Upload Code Execution
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
CVE-2008-1866 EXPLOITDB text WRITEUP
PixelMotion Blog - Authenticated PHP ZIP Upload Code Execution
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
EIP-2026-116572 EXPLOITDB perl WORKING POC
WM Downloader 3.0.0.9 - PLS WMDownloader (PoC)
CVE-2008-6284 EXPLOITDB text WORKING POC
Z1Exchange 1.0 - SQL Injection via Edit.php Site Parameter
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
EIP-2026-114368 EXPLOITDB text WORKING POC
WorkSimple 1.3.2 - Multiple Vulnerabilities
CVE-2005-1882 EXPLOITDB text WRITEUP
YaPiG 0.93u and 0.94u - Remote File Inclusion via YAPIG_PATH Parameter
PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter.
CVE-2008-4718 EXPLOITDB text WORKING POC
X7 Chat < 2.0.1 - Path Traversal and Arbitrary File Execution via Help File Parameter
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
EIP-2026-113014 EXPLOITDB text WORKING POC
vBulletin Adsense Component - 'viewpage.php' SQL Injection
EIP-2026-113308 EXPLOITDB text WRITEUP
Webify Photo Gallery - Arbitrary File Deletion
EIP-2026-113306 EXPLOITDB text WRITEUP
Webify eDownloads Cart - Arbitrary File Deletion
EIP-2026-113305 EXPLOITDB text WRITEUP
Webify Business Directory - Arbitrary File Deletion
EIP-2026-113304 EXPLOITDB text WORKING POC
Webify Blog - Arbitrary File Deletion
EIP-2026-113136 EXPLOITDB text WORKING POC
Vlinks 2.0.3 - 'id' SQL Injection
CVE-2009-5091 EXPLOITDB text WORKING POC
Vlinks 1.0.3 and 1.1.6 - SQL Injection via id Parameter
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4874 EXPLOITDB text WORKING POC
TalkBack 2.3.14 - Unauthenticated Comment Modification via comments.php
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
CVE-2009-2553 EXPLOITDB text WORKING POC
Super Simple Blog Script 2.5.4 - SQL Injection
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2009-2552 EXPLOITDB text WORKING POC
Super Simple Blog Script 2.5.4 - Path Traversal
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.
CVE-2008-7077 EXPLOITDB text WRITEUP
SailPlanner 0.3a - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-2088 EXPLOITDB text WORKING POC
PHP Forge 3.0 beta 2 - SQL Injection via News Module id Parameter
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
EIP-2026-110508 EXPLOITDB text WORKING POC
pbboard 2.1.1 - Multiple Vulnerabilities
EIP-2026-110310 EXPLOITDB text WRITEUP
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions
EIP-2026-109907 EXPLOITDB text WORKING POC
Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass
EIP-2026-109906 EXPLOITDB text WRITEUP
Newbie CMS - File Disclosure
EIP-2026-109147 EXPLOITDB text WRITEUP
Limny 1.01 - Arbitrary File Upload
EIP-2026-107970 EXPLOITDB text WORKING POC
IslamSound - Multiple SQL Injections