cijfer

10 exploits Active since Jan 2006
EIP-2026-114506 EXPLOITDB perl WORKING POC
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
EIP-2026-114418 EXPLOITDB perl WORKING POC
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
CVE-2006-0099 EXPLOITDB perl WORKING POC
Valdersoft Shopping Cart 3.0 - RCE
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
EIP-2026-111190 EXPLOITDB perl WORKING POC
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
CVE-2006-0157 EXPLOITDB perl WORKING POC
Reamday Enterprises Magic News Plus <1.0.3 - RCE
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.
EIP-2026-107124 EXPLOITDB perl WORKING POC
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
CVE-2006-0214 EXPLOITDB perl WORKING POC
ezDatabase <2.0 - Code Injection
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
EIP-2026-106300 EXPLOITDB perl WORKING POC
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
CVE-2006-0064 EXPLOITDB perl WORKING POC
CubeCart - RCE
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
CVE-2006-2149 EXPLOITDB perl WORKING POC
Aardvark Topsites PHP <4.2.2 - RCE
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.