K-159

64 exploits, active since Dec 2004
EIP-2026-107826 EXPLOITDB perl WORKING POC
INDEXU 5.0.1 - 'base_path' Remote File Inclusion
CVE-2008-6427 EXPLOITDB text WORKING POC
Hivemaker < 1.0.2 - SQL Injection
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-5240 EXPLOITDB perl WORKING POC
Docmint <2.0 - RCE
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
CVE-2008-6250 EXPLOITDB text WORKING POC
Comdev Web Blogger < 4.1.3 - SQL Injection
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2006-3186 EXPLOITDB text WRITEUP
CMS Faethon 1.3.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2009-0516 EXPLOITDB text WORKING POC
BusinessSpace <1.2 - SQL Injection
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2007-1721 EXPLOITDB text WORKING POC
C-Arbre 0.6PR7 - RCE
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
EIP-2026-105633 EXPLOITDB text WRITEUP
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
CVE-2007-6106 EXPLOITDB text WORKING POC
AlstraSoft E-Friends <4.98 - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
CVE-2008-2096 EXPLOITDB text WRITEUP
Backlinkspider Backlink Spider - SQL Injection
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
CVE-2008-4207 EXPLOITDB text WRITEUP
Attachmax Dolphin - Information Disclosure
Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information.
CVE-2008-2189 EXPLOITDB text WORKING POC
Anserv Auction XL - SQL Injection
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-105182 EXPLOITDB perl WORKING POC
AngelineCMS 0.8.1 - 'installpath' Remote File Inclusion
CVE-2004-1888 EXPLOITDB perl WORKING POC
Aborior Encore WebForum - Command Injection
display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable.