nonroot

6 exploits Active since Jan 2008
CVE-2008-0278 EXPLOITDB python WORKING POC
x7_chat < 2.0.5 - SQL Injection via Day Parameter in sm_window Action
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
EIP-2026-110306 EXPLOITDB python WORKING POC
OpenFiler 2.3 - (Authentication Bypass) Remote Password Change
CVE-2008-0782 EXPLOITDB python WORKING POC
MoinMoin 1.5.8 - Unauthenticated Path Traversal and Arbitrary File Write via MOIN_ID Cookie
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
CVE-2008-6539 EXPLOITDB python WORKING POC
DeStar 0.2.2-5 - Authenticated Static Code Injection via Pin Parameter
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.
CVE-2008-6538 EXPLOITDB python WORKING POC
DeStar 0.2.2-5 - Unauthenticated Arbitrary User Addition via Direct Request
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.
CVE-2009-0687 EXPLOITDB python WORKING POC
MidnightBSD - Denial of Service via Crafted IP Packets in PF Packet Filter
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.