rgod

471 exploits Active since Jul 2005
CVE-2006-1784 EXPLOITDB perl WORKING POC
Sphider 1.3 - Remote Code Execution via settings_dir Parameter
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
CVE-2007-0261 EXPLOITDB php WORKING POC
sNews <= 1.5.30 - Unauthenticated Administrative Action Execution via Failed Authentication Bypass
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
CVE-2006-2029 EXPLOITDB php WORKING POC
Simplog < 0.9.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
EIP-2026-112148 EXPLOITDB php WORKING POC
SimpleBBS 1.1 - Remote Command Execution
CVE-2006-1243 EXPLOITDB perl WORKING POC
Simple PHP Blog <0.4.7.1 - Path Traversal
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
EIP-2026-112109 EXPLOITDB php WORKING POC
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics
EIP-2026-112108 EXPLOITDB php WORKING POC
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion
EIP-2026-111905 EXPLOITDB text WORKING POC
SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-2539 EXPLOITDB php WORKING POC
RunCms < 1.5.2 - Information Disclosure via show_files Function
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.
CVE-2006-1793 EXPLOITDB php WORKING POC
runcms < 1.2 - Directory Traversal via bbPath[path] Parameter
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
CVE-2006-1645 EXPLOITDB php WORKING POC
ReloadCMS <= 1.2.5 - Cross-Site Scripting via User-Agent HTTP Header
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.
EIP-2026-111978 EXPLOITDB php WORKING POC
SendCard 3.4.0 - Unauthorized Administrative Access
EIP-2026-111908 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Unauthorized Access
EIP-2026-111907 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Multiple Remote File Inclusions
EIP-2026-111906 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities
CVE-2006-3533 EXPLOITDB php WORKING POC
Pivot 1.30 RC2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.
CVE-2005-3968 EXPLOITDB php WORKING POC
PHPX 3.5.9 - SQL Injection via Username Parameter
SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
CVE-2006-7101 EXPLOITDB php WORKING POC
phpwind < 5.0.1 - SQL Injection via AdminUser Cookie
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.
CVE-2005-4226 EXPLOITDB php WORKING POC
phpwebthings < 1.4 - SQL Injection via Multiple Parameters
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
EIP-2026-111213 EXPLOITDB php WORKING POC
phpStats 0.1.9 - Multiple SQL Injections
CVE-2006-2065 EXPLOITDB php WORKING POC
PHPSurveyor <= 0.995 - SQL Injection via surveyid Cookie
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
EIP-2026-111607 EXPLOITDB text WRITEUP
Pyrox Search 1.0.5 - 'Newsearch.php' Whatdoreplace Cross-Site Scripting
CVE-2006-2770 EXPLOITDB php WORKING POC
pppblog < 0.3.8 - Directory Traversal via File Array Parameter
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
EIP-2026-111212 EXPLOITDB php WORKING POC
phpStats 0.1.9 - 'PHP-Stats-options.php' Remote Code Execution
EIP-2026-111425 EXPLOITDB text WORKING POC
PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities