milw0rm

75 exploits Active since May 1997
EIP-2026-114742 EXPLOITDB text SUSPICIOUS
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution
CVE-2008-6139 EXPLOITDB text WRITEUP
WebBiscuits Modules Controller 1.1 - Path Traversal
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
EIP-2026-113340 EXPLOITDB text WORKING POC
WebPortal CMS 0.7.4 - 'code' Remote Code Execution
CVE-2007-6213 EXPLOITDB text WORKING POC
WebED 0.0.9 - Path Traversal via Root and Path Parameters
Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
CVE-2005-0429 EXPLOITDB text WORKING POC
vBulletin 3.0-3.0.4 - Remote Code Execution via Comma Parameter
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
CVE-2008-4894 EXPLOITDB text WORKING POC
Tribiq CMS 5.0.10a and 5.0.12c - Remote File Inclusion via Template Path Parameter
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
EIP-2026-112877 EXPLOITDB html WORKING POC
Ultimate Media Script 2.0 - Remote Change Content
CVE-2007-6221 EXPLOITDB text WORKING POC
TuMusika Evolution <1.7R5 - Info Disclosure
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5423 EXPLOITDB text WORKING POC
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2007-5843 EXPLOITDB text WORKING POC
scWiki 1.0 Beta 2 - Remote Code Execution via pathdot Parameter
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2004-2158 EXPLOITDB bash WORKING POC
Serendipity 0.7-beta1 - SQL Injection
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2006-4968 EXPLOITDB text WORKING POC
PNphpBB 1.2g - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110945 EXPLOITDB text WORKING POC
phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)
CVE-2006-2528 EXPLOITDB text WORKING POC
phpBazar 2.1.0 - Remote File Inclusion via Language_dir Parameter
PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2005-0614 EXPLOITDB c++ WORKING POC
phpBB 2.0.12 - Privilege Escalation
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
EIP-2026-110859 EXPLOITDB text WORKING POC
PHP-Nuke 7.4 - Privilege Escalation
CVE-2007-6177 EXPLOITDB text WORKING POC
PHP_CON 1.3 - Remote Code Execution via webappcfg[APPPATH] Parameter
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
CVE-2007-5642 EXPLOITDB text WORKING POC
PHP Project Management < 0.8.10 - Path Traversal via Multiple Module Parameters
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/.
CVE-2004-1592 EXPLOITDB text WORKING POC
ocPortal <= 1.0.3 - Remote File Inclusion via req_path Parameter
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
CVE-2007-5812 EXPLOITDB text WORKING POC
ModuleBuilder 1.0 - Path Traversal via File Parameter
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
EIP-2026-109575 EXPLOITDB php WORKING POC
Moodle 1.8.4 - Remote Code Execution
CVE-2006-5044 EXPLOITDB text WORKING POC
Princeclan Chess <0.8 - Info Disclosure
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
EIP-2026-109427 EXPLOITDB html WORKING POC
Messages Library 2.0 - Arbitrary Administrator Account
CVE-2007-6212 EXPLOITDB text WORKING POC
KML share 1.1 - Path Traversal via Layer Parameter
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
EIP-2026-108520 EXPLOITDB text WRITEUP
Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor Access