JIKO

41 exploits, active since Jun 2005
EIP-2026-107177 EXPLOITDB text WORKING POC
Fonts Site Script - Remote File Disclosure
CVE-2008-1730 EXPLOITDB text WRITEUP
ARWScripts Gallery Script Lite - Path Traversal
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
CVE-2008-3675 EXPLOITDB text WORKING POC
Gelato 0.95 - Path Traversal
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107340 EXPLOITDB text WRITEUP
GameRoom Script - Authentication Bypass / Arbitrary File Upload
EIP-2026-107296 EXPLOITDB text SUSPICIOUS
ftpzik - Cross-Site Scripting / Local File Inclusion
CVE-2009-0284 EXPLOITDB text WORKING POC
Flax Article Manager 1.1 - SQL Injection
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
EIP-2026-107014 EXPLOITDB text WORKING POC
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
CVE-2008-1975 EXPLOITDB text WRITEUP
E-RESERV 2.1 - SQL Injection
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
EIP-2026-105930 EXPLOITDB text WORKING POC
Clipbucket 1.7 - 'dwnld.php' Directory Traversal
CVE-2008-1868 EXPLOITDB text WORKING POC
Blog Pixel Motion - Info Disclosure
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2008-1760 EXPLOITDB text WORKING POC
PHP <1.01 - RCE
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVE-2008-4707 EXPLOITDB text WORKING POC
Sylvain Pasquet Bbzl Php - Path Traversal
Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter.
CVE-2008-4667 EXPLOITDB text WORKING POC
Arabcms - Path Traversal
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.
EIP-2026-105200 EXPLOITDB text WORKING POC
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities
EIP-2026-104949 EXPLOITDB text WORKING POC
Adem 0.5.1 - Local File Inclusion
CVE-2008-2638 EXPLOITDB text WORKING POC
1-script 1-book < 1.0.1 - Code Injection
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.