NetJackal

15 exploits Active since Dec 2004
CVE-2007-4596 EXPLOITDB php WORKING POC
PHP perl Extension - safe_mode Bypass Code Execution
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
EIP-2026-117768 EXPLOITDB php WORKING POC
PHP 5.x - 'Win32service' Local 'Safe_Mode()' Bypass
CVE-2007-4441 EXPLOITDB php WORKING POC
PHP < 5.2.0 - Buffer Overflow in win32std Extension via win_browse_file Function
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
CVE-2007-4528 EXPLOITDB php WORKING POC
PHP 5.0.5 - Remote Code Execution via FFI Extension DLL Loading
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
CVE-2004-2466 EXPLOITDB php WORKING POC
Easy Chat Server 1.2 and 2.2 - Denial of Service via Long Username Parameter
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
CVE-2008-1348 EXPLOITDB text WORKING POC
eWebsite eWeather - Cross-Site Scripting via Chart Parameter
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.
CVE-2008-1283 EXPLOITDB text WORKING POC
Neptune Web Server 3.0 - Cross-Site Scripting via URI in 404 Error Page
Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.
CVE-2007-4255 EXPLOITDB php WORKING POC
PHP 5.2.3 - Buffer Overflow via msql_connect Function
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
CVE-2007-0118 EXPLOITDB text WRITEUP
EditTag 1.2 - Path Traversal via File Parameter
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0119 EXPLOITDB text WRITEUP
EditTag 1.2 - Cross-Site Scripting via Plain Parameter
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0119 EXPLOITDB text WRITEUP
EditTag 1.2 - Cross-Site Scripting via Plain Parameter
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0119 EXPLOITDB text WRITEUP
EditTag 1.2 - Cross-Site Scripting via Plain Parameter
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0118 EXPLOITDB text WRITEUP
EditTag 1.2 - Path Traversal via File Parameter
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0118 EXPLOITDB text WRITEUP
EditTag 1.2 - Path Traversal via File Parameter
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0118 EXPLOITDB text WRITEUP
EditTag 1.2 - Path Traversal via File Parameter
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.