rgod

471 exploits Active since Jul 2005
CVE-2006-6237 EXPLOITDB php WORKING POC
Woltlab Burning Board Lite 1.0.2 - SQL Injection via Thread Visit Cookie Parameter
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
CVE-2007-0233 EXPLOITDB php WORKING POC
WordPress <= 2.0.6 - SQL Injection via tb_id Parameter
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
CVE-2006-2667 EXPLOITDB php WORKING POC
WordPress < 2.0.2 - Remote Code Execution via Profile Update Displayname Injection
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-6289 EXPLOITDB php WORKING POC
Woltlab Burning Board Lite <1.0.2 - SQL Injection
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
CVE-2007-1292 EXPLOITDB php WORKING POC
Jelsoft vBulletin <3.5.8-3.6.5 - SQL Injection
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
CVE-2006-4004 EXPLOITDB php WORKING POC
vbPortal 3.0.2-3.6.0 Beta 1 - Unauthenticated Directory Traversal and Remote Code Execution via bbvbplang Cookie
Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
CVE-2005-3259 EXPLOITDB php WORKING POC
versatileBulletinBoard 1.0.0 RC2 - SQL Injection via Multiple Input Parameters
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.
EIP-2026-113166 EXPLOITDB php WORKING POC
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
CVE-2005-2488 EXPLOITDB text WORKING POC
Web Content Management News System - Cross-Site Scripting via strRootpath or strTable Parameter
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
CVE-2005-2488 EXPLOITDB text WORKING POC
Web Content Management News System - Cross-Site Scripting via strRootpath or strTable Parameter
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
CVE-2006-1480 EXPLOITDB php WORKING POC
WebAlbum < 2.02 - Directory Traversal and Remote Code Execution via Skin2 Cookie Parameter
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
CVE-2005-4140 EXPLOITDB php WORKING POC
Website Baker 2.6.0 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
CVE-2007-2431 EXPLOITDB php WORKING POC
TCExam < 4.0.011 - Cross-Site Scripting via Dynamic Variable Evaluation
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
CVE-2005-3201 EXPLOITDB php WORKING POC
Utopia News Pro 1.1.3 - SQL Injection
SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.
CVE-2005-3200 EXPLOITDB text WORKING POC
Utopia News Pro 1.1.3-1.1.4 - Cross-Site Scripting via sitetitle, version, and query_count Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.
CVE-2005-3200 EXPLOITDB text WORKING POC
Utopia News Pro 1.1.3-1.1.4 - Cross-Site Scripting via sitetitle, version, and query_count Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.
CVE-2006-2406 EXPLOITDB php WORKING POC
Unclassified NewsBoard < 1.5.3d - Directory Traversal via design_path Parameter
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.
CVE-2005-3686 EXPLOITDB php WORKING POC
Unclassified NewsBoard < 1.5.3_patch3 - SQL Injection via DateFrom or DateUntil Parameter
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.
CVE-2006-4602 EXPLOITDB php WORKING POC
TikiWiki < 1.9.4 - Unauthenticated Arbitrary File Upload via jhot.php
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
CVE-2007-0340 EXPLOITDB php WORKING POC
ThWboard < 3.0_beta_2.84 - SQL Injection via board[styleid] Parameter
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
CVE-2005-4087 EXPLOITDB php WORKING POC
Sugar Suite < 4.0 beta - Remote Code Execution via acceptDecline.php beanFiles Parameter
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
CVE-2005-4086 EXPLOITDB c WORKING POC
Sugar Suite < 4.0 beta - Directory Traversal via acceptDecline.php beanFiles Parameter
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
CVE-2006-2460 EXPLOITDB php WORKING POC
SugarCRM 4.2 - Remote File Inclusion and Directory Traversal via GLOBALS Override
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
CVE-2006-0626 EXPLOITDB php WORKING POC
SPIP 1.8.2g - SQL Injection via spip_acces_doc.php3 file Parameter
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2006-0625 EXPLOITDB text WORKING POC
SPIP 1.8.2g - Directory Traversal and Remote Code Execution via GLOBALS[type_urls] Parameter
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.