rgod

470 exploits Active since Jul 2005
CVE-2007-0261 EXPLOITDB php WORKING POC
sNews <1.5.30 - RCE
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
CVE-2006-2029 EXPLOITDB php WORKING POC
Simplog < 0.9.3 - SQL Injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
EIP-2026-112148 EXPLOITDB php WORKING POC
SimpleBBS 1.1 - Remote Command Execution
CVE-2006-1243 EXPLOITDB perl WORKING POC
Simple PHP Blog <0.4.7.1 - Path Traversal
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
EIP-2026-112109 EXPLOITDB php WORKING POC
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics
EIP-2026-112108 EXPLOITDB php WORKING POC
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion
EIP-2026-111905 EXPLOITDB text WORKING POC
SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-2539 EXPLOITDB php WORKING POC
RunCms <1.5.2 - Info Disclosure
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.
CVE-2006-1793 EXPLOITDB php WORKING POC
runCMS <1.2 - Path Traversal
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
CVE-2006-1645 EXPLOITDB php WORKING POC
ReloadCMS <1.2.5 - XSS
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.
EIP-2026-111978 EXPLOITDB php WORKING POC
SendCard 3.4.0 - Unauthorized Administrative Access
EIP-2026-111908 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Unauthorized Access
EIP-2026-111907 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Multiple Remote File Inclusions
EIP-2026-111906 EXPLOITDB text WRITEUP
SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities
CVE-2006-3533 EXPLOITDB php WORKING POC
Pivot 1.30 RC2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.
CVE-2005-3968 EXPLOITDB php WORKING POC
Phpx - SQL Injection
SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
CVE-2006-7101 EXPLOITDB php WORKING POC
Phpwind < 5.0.1 - SQL Injection
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.
CVE-2005-4226 EXPLOITDB php WORKING POC
Phpwebthings < 1.4 - SQL Injection
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
EIP-2026-111213 EXPLOITDB php WORKING POC
phpStats 0.1.9 - Multiple SQL Injections
CVE-2006-2065 EXPLOITDB php WORKING POC
Phpsurveyor - SQL Injection
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
EIP-2026-111607 EXPLOITDB text WRITEUP
Pyrox Search 1.0.5 - 'Newsearch.php' Whatdoreplace Cross-Site Scripting
CVE-2006-2770 EXPLOITDB php WORKING POC
Pppblog < 0.3.8 - Path Traversal
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
EIP-2026-111212 EXPLOITDB php WORKING POC
phpStats 0.1.9 - 'PHP-Stats-options.php' Remote Code Execution
EIP-2026-111425 EXPLOITDB text WORKING POC
PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111377 EXPLOITDB php WORKING POC
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution