r00t

15 exploits Active since Jul 1996
CVE-2023-37679 METASPLOIT CRITICAL ruby WORKING POC
Mirth Connect Deserialization RCE
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
CVSS 9.8
EIP-2026-113278 EXPLOITDB bash WORKING POC
webessence 1.0.2 - Multiple Vulnerabilities
CVE-2007-3534 EXPLOITDB text WORKING POC
WebChat 0.78 - SQL Injection via login.php rid Parameter
SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
CVE-2007-0502 EXPLOITDB php WORKING POC
webSPELL 4.01.02 - SQL Injection via gallery.php picID Parameter
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
CVE-2006-4004 EXPLOITDB php WORKING POC
vbPortal 3.0.2-3.6.0 Beta 1 - Unauthenticated Directory Traversal and Remote Code Execution via bbvbplang Cookie
Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
EIP-2026-112250 EXPLOITDB text WRITEUP
smbind 0.4.7 - SQL Injection
CVE-2006-5564 EXPLOITDB text WRITEUP
MAXdev MD-Pro < 1.0.76 - Cross-Site Scripting via user.php op Parameter
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-5951 EXPLOITDB text WORKING POC
E-Vendejo 0.2 - SQL Injection via articles.php id Parameter
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1240 EXPLOITDB text WRITEUP
Docebo CMS 3.0.3-3.0.5 - Cross-Site Scripting via Searchkey or Chat Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1240 EXPLOITDB text WRITEUP
Docebo CMS 3.0.3-3.0.5 - Cross-Site Scripting via Searchkey or Chat Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1243 EXPLOITDB text WRITEUP
Audins Audiens 3.3 - Unauthenticated Authentication Bypass via uninstall.php
Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1241 EXPLOITDB text WRITEUP
Audins Audiens 3.3 - Cross-Site Scripting via PATH_INFO in setup.php
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1242 EXPLOITDB text WRITEUP
Audins Audiens 3.3 - SQL Injection via PHPSESSID Cookie
SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-1999-0137 EXPLOITDB c WORKING POC
dip - Local Buffer Overflow
The dip program on many Linux systems allows local users to gain root access via a buffer overflow.
CVE-2006-2043 EXPLOITDB text WORKING POC
IP3 Networks NetAccess NA75 - Local Command Injection via Backtick Characters in CLI
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).