bd0rk

65 exploits. Active since Sep 1999.
CVE-2010-4884 EXPLOITDB text WORKING POC
Gaestebuch 1.2 - RCE
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
CVE-2006-6889 EXPLOITDB text WRITEUP
FreeStyle Wiki <3.6.2 - Info Disclosure
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
CVE-2009-0331 EXPLOITDB text WORKING POC
Enhanced Simple PHP Gallery <1.72 - Path Traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
CVE-2006-6866 EXPLOITDB text WRITEUP
STphp EasyNews PRO 4.0 - Info Disclosure
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
CVE-2009-5095 EXPLOITDB perl WORKING POC
Ea-style Gbook - Code Injection
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
CVE-2007-1983 EXPLOITDB perl WORKING POC
Cyboards PHP Lite 1.21 - RCE
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
CVE-2006-6732 EXPLOITDB text WORKING POC
cwmVote 1.0 - RCE
PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.
CVE-2006-6738 EXPLOITDB perl WORKING POC
cwmCounter <5.1.1 - Code Injection
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
EIP-2026-105592 EXPLOITDB text WORKING POC
BOOKSolved 1.2.2 - Remote File Disclosure
CVE-2011-4572 EXPLOITDB python WORKING POC
Codefuture CF Image Hosting Script - XSS
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
EIP-2026-105475 EXPLOITDB text WORKING POC
Bigware Shop 2.3.01 - Multiple Local File Inclusions
EIP-2026-105186 EXPLOITDB html WORKING POC
AnoBBS 1.0.1 - Remote File Inclusion
CVE-2007-0170 EXPLOITDB text WORKING POC
AllMyVisitors 0.4.0 - Code Injection
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
CVE-2007-4585 EXPLOITDB text WORKING POC
Gigs 1.2.1 - Path Traversal
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-1999-0953 EXPLOITDB text WRITEUP
WWWBoard - Info Disclosure
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.