fish

6 exploits Active since Jan 2001
CVE-2007-3220 EXPLOITDB text WRITEUP
Cjay Content 3 - RCE
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.
CVE-2007-3221 EXPLOITDB text WORKING POC
PHP - RCE
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-6765 EXPLOITDB perl WORKING POC
Pagetool 1.07 - RCE
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
CVE-2007-3813 EXPLOITDB text WRITEUP
NoBoard BETA - RCE
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
CVE-2007-3812 EXPLOITDB text WORKING POC
Cmscout < 1.23 - SQL Injection
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
CVE-2000-1125 EXPLOITDB bash WORKING POC
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.