rgod

471 exploits, active since Jul 2005
CVE-2006-0658 EXPLOITDB php WORKING POC
FCKeditor 2.0-2.2 - Unauthenticated Arbitrary File Upload via Extension Blacklist Bypass
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVE-2006-5030 EXPLOITDB php WORKING POC
exV2 Content Management System < 2.0.4.3 - Authenticated SQL Injection via Sort Parameter
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
CVE-2006-7080 EXPLOITDB php WORKING POC
exV2 CMS < 2.0.4.3 - Directory Traversal & File Deletion via Avatar Upload
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
CVE-2006-4963 EXPLOITDB php WORKING POC
Exponent CMS 0.96.3 - Path Traversal
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
CVE-2006-3904 EXPLOITDB php WORKING POC
Etomite < 0.6.1 - SQL Injection via Username Parameter
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-7070 EXPLOITDB php WORKING POC
Etomite < 0.6.1 - Unauthenticated Arbitrary File Upload via rfiles.php nfile Parameter
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.
EIP-2026-106886 EXPLOITDB php WORKING POC
EnterpriseGS 1.0 rc4 - Remote Command Execution
CVE-2005-4095 EXPLOITDB php WORKING POC
DoceboLMS 2.0.4 - Directory Traversal via FCKeditor2rc2 Connector Type Parameter
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
EIP-2026-106662 EXPLOITDB php WORKING POC
e107 < 0.75 - GLOBALS Overwrite Remote Code Execution
CVE-2006-2743 EXPLOITDB php WORKING POC
Drupal 4.6.x < 4.6.7 and 4.7.0 - Arbitrary File Upload and Execution via Multiple File Extensions
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
CVE-2006-2866 EXPLOITDB php WORKING POC
DotClear 1.2.4 - Remote File Inclusion via blog_dc_path Parameter
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
EIP-2026-106511 EXPLOITDB php WORKING POC
DokuWiki 2006-03-09b - 'dwpage.php' System Disclosure
EIP-2026-106510 EXPLOITDB php WORKING POC
DokuWiki 2006-03-09b - 'dwpage.php' Remote Code Execution
CVE-2006-0687 EXPLOITDB php WORKING POC
DocMGR 0.54.2 - Remote File Inclusion via Uninitialized $siteModInfo Variable
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
EIP-2026-106487 EXPLOITDB text WORKING POC
DoceboLms 2.0.x - 'connector.php' Directory Traversal
CVE-2008-7153 EXPLOITDB php WORKING POC
Docebo < 3.5.0.3 - SQL Injection via Accept-Language HTTP Header
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2006-5561 EXPLOITDB php WORKING POC
Discuz! GBK 5.0.0 - SQL Injection via cdb_auth Cookie
SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.
EIP-2026-106469 EXPLOITDB php WORKING POC
Discuz! 4.x - SQL Injection / Admin Credentials Disclosure
EIP-2026-106449 EXPLOITDB text WORKING POC
Digital Scribe 1.4 - Login SQL Injection
CVE-2005-4554 EXPLOITDB php WORKING POC
DEV web management system < 1.5 - SQL Injection
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
CVE-2006-4558 EXPLOITDB php WORKING POC
DeluxeBB < 1.06 - Remote Code Execution via Double Extension File Upload
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
CVE-2006-1916 EXPLOITDB text WORKING POC
dbbs < 2.0-alpha - Cross-Site Scripting via ulocation or uhobbies Parameters
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.
CVE-2005-3575 EXPLOITDB php WORKING POC
Cyphor < 0.19 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3236 EXPLOITDB php WORKING POC
Cyphor 0.19 - SQL Injection and Cross-Site Scripting via fid Parameter
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid, or (2) the nick parameter of lostpwd.php.
CVE-2006-2868 EXPLOITDB php WORKING POC
Claroline 1.7.6 - Remote File Inclusion via includePath Cookie
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.