nukedx

41 exploits Active since Jan 2006
CVE-2006-2675 EXPLOITDB WORKING POC
ubb.threads < 6.5.3 - Remote File Inclusion via thispath or configdir Parameters
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
CVE-2006-2739 EXPLOITDB WORKING POC
Epicdesigns tinyBB < 0.3 - Remote File Inclusion via tinybb_footers Parameter
PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter.
CVE-2006-2744 EXPLOITDB WORKING POC
F@cile Interactive Web <0.8.6 - RCE
PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2006-2745 EXPLOITDB WORKING POC
F@cile Interactive Web <0.8.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.
CVE-2006-2793 EXPLOITDB WORKING POC
ASPSitem <= 2.0 - SQL Injection via Anket.asp hid Parameter
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-1541 EXPLOITDB perl WORKING POC
ezaspsite < 2.0_rc3 - SQL Injection via Default.asp Scheme Parameter
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
CVE-2006-4368 EXPLOITDB perl WORKING POC
IntegraMOD Portal 2.x and earlier - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-1094 EXPLOITDB perl WORKING POC
Datenbank MOD < 2.7 for Woltlab Burning Board - SQL Injection via fileid Parameter
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
CVE-2006-4365 EXPLOITDB perl WORKING POC
VistaBB <= 2.0.33 - Remote File Inclusion via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php.
CVE-2006-2755 EXPLOITDB text WORKING POC
UBB.threads - Cross-Site Scripting via Debug Parameter
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
CVE-2006-2740 EXPLOITDB text WORKING POC
Epicdesigns tinyBB < 0.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors.
CVE-2006-2029 EXPLOITDB perl WORKING POC
Simplog < 0.9.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
CVE-2006-2028 EXPLOITDB text WRITEUP
simplog < 0.9.3 - Cross-Site Scripting via imagedir Parameter
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal.
CVE-2006-2485 EXPLOITDB text WORKING POC
Quezza BB < 1.0 - Remote File Inclusion via quezza_root_path Parameter
PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.
CVE-2006-6177 EXPLOITDB text WORKING POC
Neocrome Seditio < 1.10 - Authenticated SQL Injection via Double-Encoded ID Parameter
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
CVE-2006-2002 EXPLOITDB perl WORKING POC
MyGamingLadder 7.0 - Remote File Inclusion via stats.php dir[base] Parameter
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.
CVE-2006-6577 EXPLOITDB text WORKING POC
Neocrome Land Down Under 8.x and earlier - SQL Injection via polls.php id Parameter
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4369 EXPLOITDB perl WORKING POC
IntegraMOD Portal 2.x and earlier - Absolute Path Traversal via phpbb_root_path Parameter
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.
CVE-2006-2746 EXPLOITDB text WORKING POC
facile_interactive_web < 0.8.5 - Cross-Site Scripting via lang, mytheme, and myskin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVE-2006-2725 EXPLOITDB html WORKING POC
Eggblog < 3.0.6 - SQL Injection via RSS Posts ID Parameter
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1994 EXPLOITDB text WRITEUP
dForum <1.5 - Remote Code Execution
PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.
CVE-2006-2005 EXPLOITDB text WORKING POC
ClanSys 1.1 - Remote Code Execution via Page Parameter Eval Injection
Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.
CVE-2006-2032 EXPLOITDB perl WORKING POC
CoreNews < 2.0.1 - SQL Injection via Icon ID or User ID Parameter
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
CVE-2006-2736 EXPLOITDB text WORKING POC
Blend Portal 1.2.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
CVE-2006-2735 EXPLOITDB text WORKING POC
Activity MOD Plus 1.1.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.