pagvac

11 exploits Active since Sep 2007
CVE-2009-1151 NOMISEC CRITICAL WORKING POC
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
6 stars
CVSS 9.8
CVE-2009-1285 METASPLOIT ruby WORKING POC
Phpmyadmin - Code Injection
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
CVE-2009-1151 METASPLOIT CRITICAL ruby WORKING POC
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2009-1151 EXPLOITDB CRITICAL bash WORKING POC
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2009-1151 EXPLOITDB CRITICAL php SCANNER
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2009-1151 EXPLOITDB CRITICAL ruby WORKING POC
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2009-1558 EXPLOITDB text WORKING POC
Cisco Wvc54gca - Path Traversal
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
CVE-2009-1557 EXPLOITDB javascript WORKING POC
Cisco Wvc54gca - XSS
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
CVE-2008-4918 EXPLOITDB text WORKING POC
Sonicwall Sonicos Enhanced < 4.0.1.1 - XSS
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
CVE-2007-5112 EXPLOITDB text WORKING POC
ROI Revolution Urchin < 5.7.03 - XSS
Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
EIP-2026-100739 EXPLOITDB text WORKING POC
Avaya Intuity Audix LX R1.1 - Multiple Remote Vulnerabilities