rgod

471 exploits Active since Jul 2005
CVE-2006-1839 EXPLOITDB php WRITEUP
PHP Album 0.3.2.3 - Remote File Inclusion via language.php data_dir Parameter
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
CVE-2006-1828 EXPLOITDB php WORKING POC
php121_instant_messenger < 1.4 - SQL Injection and Remote Code Execution via sess_username Cookie
SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement.
CVE-2006-6880 EXPLOITDB php WORKING POC
php-update < 2.7 - SQL Injection via newmessage, newname, newwebsite, or newemail Parameter
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
CVE-2006-7173 EXPLOITDB php WORKING POC
PHP-Stats <0.1.9.1b - Code Injection
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
CVE-2006-7172 EXPLOITDB php WORKING POC
php-stats < 0.1.9.1b - SQL Injection via HTTP Header or IP Parameter
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.
CVE-2006-7172 EXPLOITDB php WORKING POC
php-stats < 0.1.9.1b - SQL Injection via HTTP Header or IP Parameter
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.
EIP-2026-110905 EXPLOITDB php WORKING POC
PHP-Stats 0.1.9.1 - Remote Commans Execution
CVE-2006-3572 EXPLOITDB php WORKING POC
papoo < 3.0.0_rc3 - SQL Injection via forumthread.php msgid Parameter
SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
EIP-2026-110864 EXPLOITDB php WORKING POC
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
CVE-2006-2331 EXPLOITDB php WORKING POC
PHP-Fusion 6.00.306 - Directory Traversal and Arbitrary File Execution via Locale Parameter
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.
CVE-2006-2459 EXPLOITDB php WORKING POC
PHP-Fusion <= 6.00.307 - Authenticated SQL Injection via srch_where Parameter
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
CVE-2005-3157 EXPLOITDB php WORKING POC
PHP-Fusion 6.00.109 - SQL Injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
CVE-2006-4673 EXPLOITDB php WORKING POC
php_fusion < 6.01.4 - SQL Injection via _SERVER[REMOTE_ADDR] Parameter
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
CVE-2006-1291 EXPLOITDB php WORKING POC
php_icalendar < 2.2.1 - Unauthenticated Arbitrary File Upload via WebDAV PUT Request
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
CVE-2006-1292 EXPLOITDB php WORKING POC
PHP iCalendar <2.21 - Path Traversal
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
EIP-2026-110645 EXPLOITDB php WORKING POC
PHP Album 0.3.2.3 - Remote Command Execution
EIP-2026-110643 EXPLOITDB text WORKING POC
PHP Advanced Transfer Manager 1.30 - Multiple Directory Traversal Vulnerabilities
EIP-2026-110642 EXPLOITDB text WORKING POC
PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-3611 EXPLOITDB php WORKING POC
Phorum 5 - Authenticated Directory Traversal and Arbitrary File Execution via GLOBALS[template] Parameter
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
EIP-2026-110526 EXPLOITDB php WORKING POC
PCPIN Chat 5.0.4 - 'login/language' Remote Code Execution
CVE-2005-2892 EXPLOITDB text WORKING POC
PBLang 4.65 - Directory Traversal via setcookie.php u Parameter
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
EIP-2026-110516 EXPLOITDB php WORKING POC
PBLang 4.65 - Remote Command Execution (1)
EIP-2026-110363 EXPLOITDB text WORKING POC
osCommerce 2.2 - 'extras' Source Code Disclosure
CVE-2006-1149 EXPLOITDB perl WORKING POC
OWL Intranet Engine 0.82 - Remote File Inclusion via xrms_file_root Parameter
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
CVE-2006-2583 EXPLOITDB php WORKING POC
Nucleus CMS < 3.22 - Remote File Inclusion via GLOBALS[DIR_LIBS] Parameter
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.