JIKO

41 exploits, active since Jun 2005
CVE-2008-1866 EXPLOITDB WORKING POC
PixelMotion - RCE
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
CVE-2008-1866 EXPLOITDB text WRITEUP
PixelMotion - RCE
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
EIP-2026-116572 EXPLOITDB perl WORKING POC
WM Downloader 3.0.0.9 - PLS WMDownloader (PoC)
CVE-2008-6284 EXPLOITDB text WORKING POC
1scripts Z1exchange - SQL Injection
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
EIP-2026-114368 EXPLOITDB text WORKING POC
WorkSimple 1.3.2 - Multiple Vulnerabilities
CVE-2005-1882 EXPLOITDB text WRITEUP
YaPiG <0.94u - Code Injection
PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter.
CVE-2008-4718 EXPLOITDB text WORKING POC
X7 Group X7 Chat < 2.0.1 - Path Traversal
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
EIP-2026-113014 EXPLOITDB text WORKING POC
vBulletin Adsense Component - 'viewpage.php' SQL Injection
EIP-2026-113308 EXPLOITDB text WRITEUP
Webify Photo Gallery - Arbitrary File Deletion
EIP-2026-113306 EXPLOITDB text WRITEUP
Webify eDownloads Cart - Arbitrary File Deletion
EIP-2026-113305 EXPLOITDB text WRITEUP
Webify Business Directory - Arbitrary File Deletion
EIP-2026-113304 EXPLOITDB text WORKING POC
Webify Blog - Arbitrary File Deletion
EIP-2026-113136 EXPLOITDB text WORKING POC
Vlinks 2.0.3 - 'id' SQL Injection
CVE-2009-5091 EXPLOITDB text WORKING POC
Vlinks - SQL Injection
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4874 EXPLOITDB text WORKING POC
Scripts.oldguy Talkback - Access Control
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
CVE-2009-2553 EXPLOITDB text WORKING POC
Super Simple Blog Script 2.5.4 - SQL Injection
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2009-2552 EXPLOITDB text WORKING POC
Super Simple Blog Script 2.5.4 - Path Traversal
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.
CVE-2008-7077 EXPLOITDB text WRITEUP
Relative Sailplanner - SQL Injection
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-2088 EXPLOITDB text WORKING POC
Phpforge Php Forge - SQL Injection
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
EIP-2026-110508 EXPLOITDB text WORKING POC
pbboard 2.1.1 - Multiple Vulnerabilities
EIP-2026-110310 EXPLOITDB text WRITEUP
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions
EIP-2026-109907 EXPLOITDB text WORKING POC
Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass
EIP-2026-109906 EXPLOITDB text WRITEUP
Newbie CMS - File Disclosure
EIP-2026-109147 EXPLOITDB text WRITEUP
Limny 1.01 - Arbitrary File Upload
EIP-2026-107970 EXPLOITDB text WORKING POC
IslamSound - Multiple SQL Injections