milw0rm

75 exploits, active since May 1997
CVE-2006-6369 EXPLOITDB text WORKING POC
Invision Community Blog Mod 1.2.4 - SQL Injection
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
EIP-2026-107332 EXPLOITDB text WRITEUP
Gallery 1.2.5 - 'GALLERY_BASEDIR' Multiple Remote File Inclusions
EIP-2026-107473 EXPLOITDB text WORKING POC
Graffiti CMS 1.x - Arbitrary File Upload
CVE-2008-0905 EXPLOITDB text WORKING POC
MEO Globsy - Path Traversal
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-6189 EXPLOITDB text WORKING POC
Gforge - SQL Injection
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
CVE-2007-0681 EXPLOITDB CRITICAL html WORKING POC
ExtCalendar <2 - Auth Bypass
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVSS 9.8
EIP-2026-106674 EXPLOITDB text WRITEUP
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
CVE-2006-2008 EXPLOITDB text WORKING POC
Built2Go PHP Movie Review <2B - RCE
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.
EIP-2026-105271 EXPLOITDB text WORKING POC
ASPapp Knowledge Base - 'CatId' SQL Injection (2)
CVE-2007-5820 EXPLOITDB text WORKING POC
AxDCMS 0.1.1 - Path Traversal
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2006-5647 EXPLOITDB text WORKING POC
Sophos Anti-virus < 6.04 - Memory Corruption
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
EIP-2026-103387 EXPLOITDB text WORKING POC
Adobe Acrobat 9.1.1 (OSX/Windows) - Stack Overflow Crash (PoC)
CVE-1999-0034 EXPLOITDB perl WORKING POC
Larry Wall Perl - Buffer Overflow
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
CVE-2008-1801 EXPLOITDB perl WORKING POC
rdesktop <1.5.0 - DoS/RCE
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
CVE-2008-1878 EXPLOITDB text WORKING POC
xine-lib <1.1.12 - Buffer Overflow
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
CVE-2005-2925 EXPLOITDB bash WORKING POC
SGI IRIX - Privilege Escalation
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
CVE-2007-2270 EXPLOITDB perl WORKING POC
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
EIP-2026-101383 EXPLOITDB text WRITEUP
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
EIP-2026-101160 EXPLOITDB text WORKING POC
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
EIP-2026-101125 EXPLOITDB text WORKING POC
Linksys WAG54G2 - Web Management Console Arbitrary Command Execution
CVE-2007-4553 EXPLOITDB perl WORKING POC
Thomson ST 2030 <1.52.1 - DoS
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
CVE-2007-2270 EXPLOITDB perl WORKING POC
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
EIP-2026-100445 EXPLOITDB html WORKING POC
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
CVE-2006-6821 EXPLOITDB html WORKING POC
Enthrallweb eNews - Auth Bypass
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2004-1054 EXPLOITDB bash WORKING POC
IBM AIX <5.3.0 - Privilege Escalation
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.