rgod

471 exploits Active since Jul 2005
CVE-2005-3063 EXPLOITDB php WORKING POC
MailGust 1.9 - SQL Injection via Password Reminder Email Field
SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page.
EIP-2026-109267 EXPLOITDB php WORKING POC
Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload
CVE-2005-3130 EXPLOITDB text WORKING POC
lucidcms 1.0.11 - SQL Injection via Login Field
SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.
CVE-2006-3832 EXPLOITDB php WORKING POC
Loudblog <= 0.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-2777 EXPLOITDB php WORKING POC
Looking Glass 20040427 - Remote Command Execution via DNS Lookup Query Field
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
EIP-2026-109207 EXPLOITDB text WORKING POC
Looking Glass - Cross-Site Scripting
CVE-2006-0713 EXPLOITDB text WRITEUP
LinPHA 1.0 - Directory Traversal and Arbitrary File Inclusion via Lang Parameter
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2006-0713 EXPLOITDB text WRITEUP
LinPHA 1.0 - Directory Traversal and Arbitrary File Inclusion via Lang Parameter
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2006-0713 EXPLOITDB text WRITEUP
LinPHA 1.0 - Directory Traversal and Arbitrary File Inclusion via Lang Parameter
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2006-0713 EXPLOITDB text WORKING POC
LinPHA 1.0 - Directory Traversal and Arbitrary File Inclusion via Lang Parameter
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2006-4859 EXPLOITDB php WORKING POC
Limbo (aka Lite Mambo) CMS 1.0.4.2L - Code Injection
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
CVE-2005-4319 EXPLOITDB text WORKING POC
Limbo CMS <1.0.4.2 - Path Traversal
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
CVE-2005-4317 EXPLOITDB text WRITEUP
limbo_cms < 1.0.4.2 - Cross-Site Scripting and Remote Code Execution via _SERVER[REMOTE_ADDR]
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.
CVE-2005-4318 EXPLOITDB php WORKING POC
Limbo CMS <= 1.0.4.2 - SQL Injection via _SERVER[REMOTE_ADDR] Parameter
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
CVE-2006-2857 EXPLOITDB php WORKING POC
LifeType 1.0.4 - SQL Injection via articleId Parameter
SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).
CVE-2006-7247 EXPLOITDB php WORKING POC
Joomla com_weblinks < 1.0.9 - SQL Injection via Title Parameter
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2006-3292 EXPLOITDB php WORKING POC
Jaws 0.6.2 - SQL Injection via Search Gadget searchdata Parameter
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
CVE-2006-1031 EXPLOITDB perl WORKING POC
iGENUS Webmail <= 2.02 - Remote File Inclusion via SG_HOME Parameter
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
CVE-2007-5845 EXPLOITDB php WORKING POC
GuppY <4.6.3, 4.5.16 - Path Traversal
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
CVE-2005-3926 EXPLOITDB php WORKING POC
GuppY 4.5.9 - Remote Code Execution via _SERVER[REMOTE_ADDR] Parameter
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.
EIP-2026-107519 EXPLOITDB perl WORKING POC
Guestbook Script 1.7 - 'include_files' Remote Code Execution
CVE-2005-2562 EXPLOITDB text WORKING POC
Gravity Board X 1.1 - SQL Injection via Login Field
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
EIP-2026-107486 EXPLOITDB text WRITEUP
Gravity Board X 1.1 - CSS Template Unauthorized Access
CVE-2007-2793 EXPLOITDB text WORKING POC
Geeklog 2.x - Remote Code Execution
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
EIP-2026-107374 EXPLOITDB perl WORKING POC
GeekLog 1.x - 'error.log' Remote Command Execution