JIKO

41 exploits Active since Jun 2005
EIP-2026-107177 EXPLOITDB text WORKING POC
Fonts Site Script - Remote File Disclosure
CVE-2008-1730 EXPLOITDB text WRITEUP
ARWScripts Gallery Script Lite - Path Traversal
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
CVE-2008-3675 EXPLOITDB text WORKING POC
Gelato 0.95 - Path Traversal
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107340 EXPLOITDB text WRITEUP
GameRoom Script - Authentication Bypass / Arbitrary File Upload
EIP-2026-107296 EXPLOITDB text SUSPICIOUS
ftpzik - Cross-Site Scripting / Local File Inclusion
CVE-2009-0284 EXPLOITDB text WORKING POC
Flax Article Manager 1.1 - SQL Injection
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
EIP-2026-107014 EXPLOITDB text WORKING POC
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
CVE-2008-1975 EXPLOITDB text WRITEUP
cogites e_reserve 2.1 - SQL Injection via ID_loc Parameter
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
EIP-2026-105930 EXPLOITDB text WORKING POC
Clipbucket 1.7 - 'dwnld.php' Directory Traversal
CVE-2008-1868 EXPLOITDB text WORKING POC
Blog Pixel Motion - Info Disclosure
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2008-1760 EXPLOITDB text WORKING POC
blogator-script < 1.00 - Remote Code Execution via incl_page Parameter
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVE-2008-4707 EXPLOITDB text WORKING POC
BbZL.PhP 0.92 - Path Traversal via lien_2 Parameter
Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter.
CVE-2008-4667 EXPLOITDB text WORKING POC
ArabCMS 2.0 beta 1 - Path Traversal via RSS Parameter
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.
EIP-2026-105200 EXPLOITDB text WORKING POC
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities
EIP-2026-104949 EXPLOITDB text WORKING POC
Adem 0.5.1 - Local File Inclusion
CVE-2008-2638 EXPLOITDB text WORKING POC
1-script 1-book < 1.0.1 - Remote Code Execution via Guestbook Message Parameter
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.