RusH

33 exploits Active since Nov 2003
CVE-2005-1649 EXPLOITDB c WORKING POC
Windows 2003 Server and XP - Denial of Service via IPv6 Land Attack
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
EIP-2026-114648 EXPLOITDB perl WORKING POC
ZPanel 2.5b10 - SQL Injection
CVE-2005-4633 EXPLOITDB perl WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2005-2113 EXPLOITDB perl WORKING POC
XOOPS <= 2.0.11 - SQL Injection via XMLRPC LoginUser Function
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
EIP-2026-113489 EXPLOITDB perl WORKING POC
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
EIP-2026-112846 EXPLOITDB perl WORKING POC
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force
CVE-2005-3423 EXPLOITDB perl WORKING POC
Subdreamer 2.2.1 - SQL Injection via Loginusername Parameter or Cookies
Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.
EIP-2026-111581 EXPLOITDB perl WORKING POC
PunBB 1.2.2 - Authentication Bypass
CVE-2008-0092 EXPLOITDB perl WORKING POC
phpWebSite 1.4.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
EIP-2026-110952 EXPLOITDB perl WORKING POC
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
CVE-2003-1216 EXPLOITDB perl WORKING POC
phpBB <= 2.0.6 - SQL Injection via search_id Parameter
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
EIP-2026-110955 EXPLOITDB perl WORKING POC
phpBB 2.0.19 - 'user_sig_bbcode_uid' Remote Code Execution
CVE-2004-1315 EXPLOITDB perl WORKING POC
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
EIP-2026-110853 EXPLOITDB perl WORKING POC
PHP-Nuke 6.9 - 'cid' SQL Injection
EIP-2026-110863 EXPLOITDB c WORKING POC
PHP-Nuke 7.8 - 'modules.php' SQL Injection
EIP-2026-110517 EXPLOITDB php WORKING POC
PBLang 4.65 - Remote Command Execution (2)
EIP-2026-110223 EXPLOITDB perl WORKING POC
Open Bulletin Board 1.0.5 - SQL Injection
EIP-2026-109172 EXPLOITDB perl WORKING POC
LiteForum 2.1.1 - SQL Injection
CVE-2005-2028 EXPLOITDB perl WORKING POC
MercuryBoard <= 1.1.4 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
EIP-2026-109270 EXPLOITDB perl WORKING POC
Mambo 4.5.2.1 - SQL Injection
CVE-2004-1531 EXPLOITDB perl WORKING POC
Invision Power Board 2.0.0-2.0.2 - SQL Injection via qpid Parameter
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
EIP-2026-107977 EXPLOITDB perl WORKING POC
ITA Forum 1.49 - SQL Injection
CVE-2006-2059 EXPLOITDB perl WORKING POC
Invision Power Board <2.1.x-2.0.x - RCE
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
CVE-2006-7071 EXPLOITDB perl WORKING POC
Invision Power Board 2.1-2.1.6 - SQL Injection via CLIENT_IP Parameter
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
CVE-2005-2564 EXPLOITDB perl WORKING POC
Gravity Board X <1.1 - Code Injection
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.