dun

73 exploits Active since Feb 2006
CVE-2012-10049 EXPLOITDB ruby WORKING POC
WebPageTest <2.6 - RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
CVE-2012-10049 EXPLOITDB text WORKING POC
WebPageTest <2.6 - RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
CVE-2012-10042 EXPLOITDB text WORKING POC
Sflog! CMS 1.0 - Authenticated RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
CVE-2012-10033 EXPLOITDB ruby WORKING POC
Narcissus - RCE
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
CVE-2012-10033 EXPLOITDB text WORKING POC
Narcissus - RCE
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
CVE-2008-6668 EXPLOITDB text WORKING POC
Dirk Bartley Nweb2fax < 0.2.7 - Path Traversal
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
CVE-2008-6223 EXPLOITDB text WRITEUP
Wotw Way OF The Warrior - Code Injection
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
CVE-2008-5962 EXPLOITDB text WORKING POC
Gravity GTD <0.4.5 - Path Traversal
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
CVE-2019-17199 METASPLOIT HIGH ruby WORKING POC
Webpagetest - Path Traversal
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVSS 7.5
CVE-2012-10042 METASPLOIT ruby WORKING POC
Sflog! CMS 1.0 - Authenticated RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
CVE-2012-10033 METASPLOIT ruby WORKING POC
Narcissus - RCE
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
CVE-2012-10049 METASPLOIT ruby WORKING POC
WebPageTest <2.6 - RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
EIP-2026-117960 EXPLOITDB c++ WORKING POC
Star Downloader Free 1.45 - '.dat' Universal Overwrite (SEH)
EIP-2026-117286 EXPLOITDB c++ WORKING POC
HTML Email Creator 2.1b668 - html Local Overwrite (SEH)
CVE-2008-5071 EXPLOITDB text WORKING POC
Yoxel < 1.23beta - Code Injection
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
CVE-2008-6224 EXPLOITDB text WRITEUP
Samelinux Way OF The Warrior < 5.0 - Path Traversal
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
CVE-2009-2310 EXPLOITDB perl WORKING POC
Extensible-BioLawCom CMS <0.2.0 - SQL Injection
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
EIP-2026-113439 EXPLOITDB text WORKING POC
Willoughby TriO 2.1 - SQL Injection
EIP-2026-113335 EXPLOITDB php WORKING POC
webpa 1.1.0.1 - Multiple Vulnerabilities
EIP-2026-113333 EXPLOITDB text WORKING POC
webo site speedup 1.6.1 - Multiple Vulnerabilities
EIP-2026-113271 EXPLOITDB text WRITEUP
webERP 4.08.1 - Local/Remote File Inclusion
EIP-2026-113099 EXPLOITDB text WRITEUP
Vikingboard 0.2 Beta - 'task' Local File Inclusion
EIP-2026-113249 EXPLOITDB text WRITEUP
webcaf 1.4 - Local File Inclusion / Remote Code Execution
EIP-2026-113297 EXPLOITDB text WRITEUP
webid 1.0.4 - Multiple Vulnerabilities
EIP-2026-112848 EXPLOITDB text WORKING POC
UCCASS 1.8.1 - Blind SQL Injection