Osirys

66 exploits Active since May 2006
EIP-2026-107158 EXPLOITDB perl WORKING POC
Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution
CVE-2008-5927 EXPLOITDB text WORKING POC
FlexPHPNews 0.0.6 - SQL Injection via User Check Parameters
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6731 EXPLOITDB perl WORKING POC
FlexPHPLink Pro 0.0.7 - Unauthenticated Arbitrary File Upload via submitlink.php
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
CVE-2008-6761 EXPLOITDB text WORKING POC
Flexcustomer 0.0.6 - Remote Code Execution via Database Name Parameter
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
EIP-2026-107081 EXPLOITDB perl WORKING POC
Fhimage 1.2.1 - Remote Index Change
EIP-2026-107080 EXPLOITDB perl WORKING POC
Fhimage 1.2.1 - Remote Command Execution (mq = off)
EIP-2026-107005 EXPLOITDB text WORKING POC
EZ-Shop 1.02 - Lateral SQL Injection
EIP-2026-106413 EXPLOITDB text WORKING POC
Demium CMS 0.2.1b - Multiple Vulnerabilities
CVE-2008-4483 EXPLOITDB text WRITEUP
Crux Gallery < 1.32 - Remote File Inclusion via Theme Parameter
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2009-5094 EXPLOITDB perl WORKING POC
CMS Faethon 2.2.0 Ultimate - SQL Injection via info.php item Parameter
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
CVE-2009-5090 EXPLOITDB perl WORKING POC
Bloggeruniverse Beta 2 - SQL Injection via editcomments.php id Parameter
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.
CVE-2008-5738 EXPLOITDB text WRITEUP
Nodstrum MySQL Calendar <1.3 - Auth Bypass
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
CVE-2008-6328 EXPLOITDB text WORKING POC
Butterfly Organizer 2.0.0 and 2.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-105532 EXPLOITDB perl WORKING POC
BlogWrite 0.91 - Remote File Disclosure / SQL Injection
CVE-2009-1049 EXPLOITDB text WORKING POC
Bloginator 1A - SQL Injection via articleCall.php id Parameter
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6902 EXPLOITDB text WRITEUP
2532gigs 1.2.2 - Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.