frog

93 exploits Active since May 2002
CVE-2002-0375 EXPLOITDB text WRITEUP
ecometry sgdynamo - Cross-Site Scripting via HTNAME Parameter
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
EIP-2026-114438 EXPLOITDB text WRITEUP
XMB Forum 1.6 - Magic Lantern Cross-Site Scripting
EIP-2026-114454 EXPLOITDB text WORKING POC
Xoops 1.0/1.3.x - BBCode HTML Injection
EIP-2026-114456 EXPLOITDB text WRITEUP
Xoops 1.3.x/2.0.x - Multiple Vulnerabilities
EIP-2026-114439 EXPLOITDB text WRITEUP
XMB Forum 1.6 - Magic Lantern Log File
CVE-2003-1239 EXPLOITDB text WORKING POC
WihPhoto 0.86 - Directory Traversal via Album and Pic Parameters
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
EIP-2026-113223 EXPLOITDB text WORKING POC
Web Server Creator Web Portal 0.1 - Remote File Inclusion
EIP-2026-112971 EXPLOITDB text WORKING POC
vAuthenticate 2.8 - SQL Injection
EIP-2026-112974 EXPLOITDB text WRITEUP
vbPortal 2.0 alpha 8.1 - (Authenticated) SQL Injection
EIP-2026-113155 EXPLOITDB text WORKING POC
vSignup 2.1 - SQL Injection
EIP-2026-113257 EXPLOITDB text WRITEUP
Webchat 0.77 - 'Defines.php' Remote File Inclusion
CVE-2002-1878 EXPLOITDB text WORKING POC
w-agora 4.1.3 - Remote Code Execution via inc_dir Parameter
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
EIP-2026-112879 EXPLOITDB text WORKING POC
Ultimate PHP Board 1.0/1.1 - Image Tag Script Injection
CVE-2002-2055 EXPLOITDB text WORKING POC
TeeKai Tracking Online 1.0 - Cross-Site Scripting via userlog.php id Parameter
Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2002-1886 EXPLOITDB php WORKING POC
TightAuction 3.0 - Unauthenticated Sensitive Information Exposure via config.inc
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
CVE-2003-1488 EXPLOITDB text WORKING POC
Truegalerie 1.0 - Unauthenticated Administrator Access via Admin Parameter Manipulation
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
EIP-2026-112374 EXPLOITDB text WORKING POC
SPGPartenaires 3.0.1 - 'delete.php' SQL Injection
EIP-2026-112375 EXPLOITDB text WRITEUP
SPGPartenaires 3.0.1 - 'ident.php' SQL Injection
EIP-2026-112469 EXPLOITDB text WRITEUP
SudBox Boutique 1.2 - 'login.php' Authentication Bypass
CVE-2002-2084 EXPLOITDB text WRITEUP
Portix-PHP 0.4.02 - Directory Traversal via l or topic Parameter
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
EIP-2026-111417 EXPLOITDB text WORKING POC
Portix-PHP 0.4 - Cookie Manipulation
CVE-2003-1086 EXPLOITDB text WORKING POC
pMachine Free and Pro - Remote File Inclusion via pm_path Parameter
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
EIP-2026-111602 EXPLOITDB text WRITEUP
Py-Membres 4.x - 'Pass_done.php' SQL Injection
CVE-2002-1884 EXPLOITDB text WORKING POC
Py-Membres 3.1 - Unauthenticated Authentication Bypass via pymembs Parameter
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
EIP-2026-111601 EXPLOITDB text WRITEUP
Py-Membres 4.0 - SQL Injection