dun

73 exploits Active since Feb 2006
EIP-2026-112848 EXPLOITDB text WORKING POC
UCCASS 1.8.1 - Blind SQL Injection
CVE-2008-2394 EXPLOITDB text WORKING POC
TAGWORX.CMS 3.00.02 - SQL Injection via cid or nid Parameter
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.
CVE-2007-4369 EXPLOITDB text WORKING POC
SOTEeSKLEP < 4.0 - Directory Traversal via File Parameter
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
EIP-2026-112480 EXPLOITDB text WORKING POC
SUMON 0.7.0 - Command Execution
CVE-2008-6402 EXPLOITDB text WRITEUP
sofi_webgui < 0.6.3pre - Remote Code Execution via mod_dir Parameter
PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter.
EIP-2026-111882 EXPLOITDB text WRITEUP
samart-cms 2.0 - 'contentsid' SQL Injection
EIP-2026-112008 EXPLOITDB text WORKING POC
sflog! - 'section' Local File Inclusion
EIP-2026-111873 EXPLOITDB text WRITEUP
sahana agasti 0.6.5 - Multiple Vulnerabilities
EIP-2026-111872 EXPLOITDB text WORKING POC
Sahana Agasti 0.6.4 - SQL Injection
CVE-2008-2964 EXPLOITDB text WORKING POC
ResearchGuide 0.5 - SQL Injection via id Parameter
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4739 EXPLOITDB text WORKING POC
PlugSpace 0.1 - Path Traversal via Navi Parameter
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
CVE-2008-5587 EXPLOITDB text WRITEUP
phppgadmin <= 4.2.1 - Path Traversal via _language Parameter
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
CVE-2008-5989 EXPLOITDB text WORKING POC
phpcounter < 1.3.2 - Path Traversal via l Parameter
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
CVE-2011-0405 EXPLOITDB perl WORKING POC
phpgedview 4.2.3 - Path Traversal via pgvaction Parameter
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.
EIP-2026-111143 EXPLOITDB text WRITEUP
phpMyBackupPro 2.2 - Local File Inclusion
CVE-2008-4331 EXPLOITDB text WORKING POC
phpocs < 0.1 - Path Traversal via Act Parameter
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php.
CVE-2008-6669 EXPLOITDB text WORKING POC
nweb2fax <= 0.2.7 - Remote Code Execution via viewrq.php var_filename Parameter
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
CVE-2008-6403 EXPLOITDB text WRITEUP
openrat < 0.8-beta4 - Remote Code Execution via tpl_dir Parameter
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter.
CVE-2008-4329 EXPLOITDB text WRITEUP
openengine < 2.0_beta4 - Remote File Inclusion via oe_classpath Parameter
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
CVE-2008-6025 EXPLOITDB text WRITEUP
OpenElec < 3.01 - Remote Code Execution via Path Traversal in scr/form.php
Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.
CVE-2009-0886 EXPLOITDB text WRITEUP
oneorzero_helpdesk <= 1.6.5.7 - Path Traversal via Default Language Parameter
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
CVE-2008-6410 EXPLOITDB text WORKING POC
ol'bookmarks < 0.7.5 - Path Traversal via show Parameter
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
CVE-2008-4318 EXPLOITDB text WORKING POC
Observer <= 0.3.2.1 - Remote Command Execution via Query Parameter
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.
EIP-2026-109884 EXPLOITDB text WRITEUP
NetOffice Dwins 1.4p3 - SQL Injection
CVE-2008-3420 EXPLOITDB text WORKING POC
Mobius for Mimsy XG <1.4.4.1 - SQL Injection
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.