dun

73 exploits Active since Feb 2006
CVE-2008-5991 EXPLOITDB text WRITEUP
MailWatch for MailScanner < 1.0.4 - Remote File Inclusion via docs.php doc Parameter
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter.
CVE-2008-4712 EXPLOITDB text WRITEUP
LnBlog < 0.9.0 - Path Traversal via Plugin Parameter
Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter.
CVE-2008-1751 EXPLOITDB text WRITEUP
Ksemail - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.
EIP-2026-109140 EXPLOITDB text WORKING POC
LimeSurvey 1.92+ build120620 - Multiple Vulnerabilities
CVE-2008-4330 EXPLOITDB text WORKING POC
LanSuite 3.3.2 - Remote File Inclusion via Design Parameter Path Traversal
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
EIP-2026-108914 EXPLOITDB text WORKING POC
Joomla! Plugin Captcha 4.5.1 - Local File Disclosure
CVE-2009-2313 EXPLOITDB text WORKING POC
Jinzora Media Jukebox <2.8 - Path Traversal
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
CVE-2009-0881 EXPLOITDB text WRITEUP
isiAJAX 1 - SQL Injection via id Parameter
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107297 EXPLOITDB text WORKING POC
fttss 2.0 - Remote Command Execution
CVE-2008-5963 EXPLOITDB text WORKING POC
Gravity GTD <0.4.5 - Code Injection
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
CVE-2008-5990 EXPLOITDB text WORKING POC
emergecolab 1.0 - Path Traversal via Sitecode Parameter
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php.
CVE-2006-0755 EXPLOITDB MEDIUM text WRITEUP
dotProject <= 2.0.1 - Remote File Inclusion via baseDir and dPconfig Parameters
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
CVSS 5.6
CVE-2008-6265 EXPLOITDB text WORKING POC
cyberfolio <= 7.12.2 - Path Traversal via Theme Parameter
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
EIP-2026-105848 EXPLOITDB text WRITEUP
ChurchInfo 1.2.12 - SQL Injection
CVE-2008-2837 EXPLOITDB text WRITEUP
CMS-BRD - SQL Injection via Menuclick Parameter
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
CVE-2008-2351 EXPLOITDB text WORKING POC
CMS WebManager-Pro - SQL Injection via lang_id or menu_id Parameters
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
CVE-2008-5948 EXPLOITDB text WORKING POC
BNCwi < 1.04 - Remote File Inclusion via Newlanguage Parameter
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
EIP-2026-105054 EXPLOITDB text WORKING POC
Ajax Framework - 'lang' Local File Inclusion
CVE-2008-6036 EXPLOITDB text WRITEUP
BaseBuilder < 2.0.1 - Remote Code Execution via mj_config[src_path] Parameter
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
CVE-2008-5993 EXPLOITDB text WORKING POC
Barcode Generator 1D <2.0.0 - Path Traversal
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter.
EIP-2026-104770 EXPLOITDB ruby WORKING POC
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
EIP-2026-101570 EXPLOITDB text WORKING POC
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities
EIP-2026-101154 EXPLOITDB text WORKING POC
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution