NetJackal

15 exploits Active since Dec 2004
CVE-2007-4596 EXPLOITDB php WORKING POC
PHP - RCE
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
EIP-2026-117768 EXPLOITDB php WORKING POC
PHP 5.x - 'Win32service' Local 'Safe_Mode()' Bypass
CVE-2007-4441 EXPLOITDB php WORKING POC
PHP <5.2.0 - Buffer Overflow
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
CVE-2007-4528 EXPLOITDB php WORKING POC
PHP 5.0.5 - RCE
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
CVE-2004-2466 EXPLOITDB php WORKING POC
Easy Chat Server <2.2 - DoS
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
CVE-2008-1348 EXPLOITDB text WORKING POC
eWebsite eWeather - XSS
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.
CVE-2008-1283 EXPLOITDB text WORKING POC
Neptune Web Server 3.0 - XSS
Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.
CVE-2007-4255 EXPLOITDB php WORKING POC
PHP 5.2.3 - RCE
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
CVE-2007-0118 EXPLOITDB text WRITEUP
Edittag - Path Traversal
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0119 EXPLOITDB text WRITEUP
Edittag - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0119 EXPLOITDB text WRITEUP
Edittag - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0119 EXPLOITDB text WRITEUP
Edittag - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-0118 EXPLOITDB text WRITEUP
Edittag - Path Traversal
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0118 EXPLOITDB text WRITEUP
Edittag - Path Traversal
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
CVE-2007-0118 EXPLOITDB text WRITEUP
Edittag - Path Traversal
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.