rUnViRuS

16 exploits Active since Jul 2005
EIP-2026-114912 EXPLOITDB php WORKING POC
Apache 2.4.17 - Denial of Service
CVE-2007-3196 EXPLOITDB text WRITEUP
vBSupport Integrated Ticket System 3.x.x - SQL Injection via Ticket ID Parameter
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.
CVE-2006-1800 EXPLOITDB perl WORKING POC
SimpleBBS 1.0.6-1.1 - Remote Code Execution via Language Cookie Traversal
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.
CVE-2007-3332 EXPLOITDB text WORKING POC
Satel Lite for PhpNuke - Directory Traversal via Name Parameter
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
CVE-2006-5118 EXPLOITDB text WRITEUP
PHPSelect Web Development Division PDD - Remote File Inclusion via index.php3 Application_Root Parameter
PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.
CVE-2005-4423 EXPLOITDB text WORKING POC
PHPFM < 0.2.3 - Authenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
EIP-2026-110506 EXPLOITDB text WRITEUP
PBBoard 2.0.2 - Full Path Disclosure
EIP-2026-109501 EXPLOITDB perl WORKING POC
MKPortal 1.0.1 - 'index.php' Directory Traversal
CVE-2007-0178 EXPLOITDB text WRITEUP
Easy Banner Pro 2.8 - Remote File Inclusion via s[phppath] Parameter
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
EIP-2026-100707 EXPLOITDB text WRITEUP
Simple Message Board 2.0 beta1 - 'User.cfm' Cross-Site Scripting
EIP-2026-100706 EXPLOITDB text WRITEUP
Simple Message Board 2.0 beta1 - 'Thread.cfm' Cross-Site Scripting
EIP-2026-100705 EXPLOITDB text WRITEUP
Simple Message Board 2.0 beta1 - 'Search.cfm' Cross-Site Scripting
EIP-2026-100704 EXPLOITDB text WRITEUP
Simple Message Board 2.0 beta1 - 'Forum.cfm' Cross-Site Scripting
CVE-2005-2560 EXPLOITDB text WRITEUP
CFBB 1.1.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2318 EXPLOITDB text WORKING POC
DVBBS 7.1 SP2 - Cross-Site Scripting via showerr.asp Action Parameter
Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2006-0974 EXPLOITDB text WORKING POC
bttlxeforum 2.0 - Cross-Site Scripting via failure.asp err_txt Parameter
Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.