Osirys

66 exploits, active since May 2006
EIP-2026-112826 EXPLOITDB perl WORKING POC
TxtBlog 1.0 Alpha - Remote Command Execution
EIP-2026-112540 EXPLOITDB perl WORKING POC
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
CVE-2008-5763 EXPLOITDB text WRITEUP
Simple Text-File Login Script <1.0.6 - RCE
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
EIP-2026-112155 EXPLOITDB perl WORKING POC
simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution
CVE-2009-0643 EXPLOITDB perl WORKING POC
Simple PHP News 1.0 - Code Injection
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6763 EXPLOITDB text WRITEUP
Hypersilence Silentum Loginsys - Authentication Bypass
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
CVE-2008-6743 EXPLOITDB text WORKING POC
Shock-therapy Rsmscript - Authentication Bypass
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2008-6327 EXPLOITDB text WRITEUP
Manzovi Proquiz - SQL Injection
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.
CVE-2009-0442 EXPLOITDB perl WORKING POC
PHPbbBook <1.3-1.3h - Path Traversal
Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
CVE-2009-0423 EXPLOITDB text WORKING POC
Php Photo Album (PHPPA) 0.8 BETA - Path Traversal
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.
EIP-2026-110626 EXPLOITDB perl WORKING POC
PhotoStand 1.2.0 - Remote Command Execution
EIP-2026-110614 EXPLOITDB text WRITEUP
Photobase 1.2 - 'Language' Local File Inclusion
CVE-2009-0275 EXPLOITDB perl WORKING POC
Ryneezy phoSheezy 0.2 - Code Injection
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6143 EXPLOITDB text WRITEUP
Owentechkenya Owenpoll - Authentication Bypass
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
CVE-2008-5855 EXPLOITDB text WRITEUP
myPHPscripts Login Session 2.0 - Info Disclosure
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
CVE-2008-5334 EXPLOITDB text WRITEUP
NitroTech 0.0.3a - RCE
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
EIP-2026-109676 EXPLOITDB perl WORKING POC
My Simple Forum 7.1 - Remote Command Execution
EIP-2026-109164 EXPLOITDB perl WORKING POC
LinPHA Photo Gallery 2.0 - Remote Command Execution
CVE-2008-5894 EXPLOITDB text WORKING POC
Mediatheka 4.2 - Path Traversal
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
EIP-2026-107870 EXPLOITDB perl WORKING POC
InselPhoto 1.1 - 'query' SQL Injection
EIP-2026-107336 EXPLOITDB text WRITEUP
Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting
EIP-2026-107571 EXPLOITDB perl WORKING POC
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
EIP-2026-107480 EXPLOITDB perl WORKING POC
Graugon Forum 1 - 'id' Command Injection / SQL Injection
CVE-2009-0731 EXPLOITDB perl WORKING POC
Free Arcade Script 1.0 - Path Traversal
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
EIP-2026-106944 EXPLOITDB perl WORKING POC
eVision CMS 2.0 - Remote Code Execution