K-159

64 exploits, active since Dec 2004
EIP-2026-107826 EXPLOITDB perl WORKING POC
INDEXU 5.0.1 - 'base_path' Remote File Inclusion
CVE-2008-6427 EXPLOITDB text WORKING POC
Hivemaker < 1.0.2 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-5240 EXPLOITDB perl WORKING POC
Docmint <2.0 - Remote Code Execution
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
CVE-2008-6250 EXPLOITDB text WORKING POC
Comdev Web Blogger < 4.1.3 - SQL Injection via arcmonth Parameter
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2006-3186 EXPLOITDB text WRITEUP
CMS Faethon 1.3.2 - Cross-Site Scripting via mainpath Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2009-0516 EXPLOITDB text WORKING POC
BusinessSpace < 1.2 - SQL Injection via Classified Page id Parameter
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2007-1721 EXPLOITDB text WORKING POC
C-Arbre < 0.6_pr7 - Remote File Inclusion via root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
EIP-2026-105633 EXPLOITDB text WRITEUP
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
CVE-2007-6106 EXPLOITDB text WORKING POC
AlstraSoft E-Friends <4.98 - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
CVE-2008-2096 EXPLOITDB text WRITEUP
BackLinkSpider - SQL Injection via cat_id Parameter
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
CVE-2008-4207 EXPLOITDB text WRITEUP
Attachmax Dolphin <= 2.1.0 - Unauthenticated Sensitive Information Exposure via info.php
Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information.
CVE-2008-2189 EXPLOITDB text WORKING POC
AnServ Auction XL - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-105182 EXPLOITDB perl WORKING POC
AngelineCMS 0.8.1 - 'installpath' Remote File Inclusion
CVE-2004-1888 EXPLOITDB perl WORKING POC
Aborior Encore WebForum - Command Injection
display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable.