bd0rk

65 exploits Active since Sep 1999
EIP-2026-114629 EXPLOITDB text WORKING POC
ZineBasic 1.1 - Arbitrary File Disclosure
CVE-2002-1656 EXPLOITDB text WRITEUP
X-News <1.1 - Auth Bypass
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
EIP-2026-113625 EXPLOITDB text WORKING POC
WordPress Plugin CevherShare 2.0 - SQL Injection
EIP-2026-112972 EXPLOITDB text WORKING POC
vAuthenticate 3.0.1 - Authentication Bypass
CVE-2006-6890 EXPLOITDB text WRITEUP
Voodoo chat 1.0RC1b - Info Disclosure
Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.
CVE-2010-2146 EXPLOITDB text WORKING POC
Graviton-mediatech Visitor Logger - Code Injection
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
CVE-2007-0489 EXPLOITDB perl WORKING POC
VisoHotlink 1.01 - RCE
PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-6801 EXPLOITDB python WORKING POC
SH-News 0.93 - Code Injection
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
EIP-2026-111674 EXPLOITDB text WRITEUP
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
EIP-2026-111673 EXPLOITDB perl WORKING POC
Ramui Forum Script 9.0 - SQL Injection
CVE-2007-1539 EXPLOITDB perl WORKING POC
Pragmamx Landkarten - Path Traversal
Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
CVE-2006-0164 EXPLOITDB perl WORKING POC
phgstats <0.5.1 - RCE
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
CVE-2008-1512 EXPLOITDB text WORKING POC
XS-Mod 2.3.1, 2.4.0 - Path Traversal
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-1818 EXPLOITDB text WORKING POC
phpBB 1.7 - RCE
PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-3935 EXPLOITDB text WORKING POC
SupaNav 1.0.0 - RCE
PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110975 EXPLOITDB html WORKING POC
phpBB Addon Fishing Cat Portal - Remote File Inclusion
EIP-2026-110976 EXPLOITDB html WORKING POC
phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
CVE-2006-5390 EXPLOITDB text WORKING POC
Phpbb Acp User Registration Module - Code Injection
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-1106 EXPLOITDB perl WORKING POC
phpBB NoMoKeTos Rules 0.0.1 - RCE
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110982 EXPLOITDB text WORKING POC
phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion
CVE-2007-1720 EXPLOITDB perl WORKING POC
Sb-websoft Addressbook - Path Traversal
Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
CVE-2007-2346 EXPLOITDB text WORKING POC
PHP-Generics 1.0 beta - RCE
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php.
CVE-2007-1934 EXPLOITDB perl WORKING POC
Php-nuke Eboard Module - Path Traversal
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
EIP-2026-110420 EXPLOITDB text WORKING POC
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions
EIP-2026-110423 EXPLOITDB perl WORKING POC
Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion