rgod

471 exploits Active since Jul 2005
CVE-2009-4115 EXPLOITDB php WORKING POC
CutePHP CuteNews 1.4.6 - Code Injection
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.
CVE-2005-3010 EXPLOITDB php WORKING POC
CuteNews < 1.4.0 - Remote Code Execution via HTTP_CLIENT_IP Header Injection
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
EIP-2026-106272 EXPLOITDB text WORKING POC
CubeCart 3.0.x - Multiple Input Validation Vulnerabilities
CVE-2006-4267 EXPLOITDB php WORKING POC
CubeCart <= 3.0.11 - SQL Injection via oid or x_invoice_num Parameter
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
CVE-2006-0644 EXPLOITDB php WORKING POC
CPG-Nuke Dragonfly CMS 9.0.6.1 - Directory Traversal and Arbitrary File Execution via newlang and installlang Parameters
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
EIP-2026-106169 EXPLOITDB php WORKING POC
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
CVE-2006-0583 EXPLOITDB php WORKING POC
Clever Copy <= 3.0 - SQL Injection via mailarticle.php ID Parameter
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
EIP-2026-105887 EXPLOITDB php WORKING POC
Class-1 Forum 0.24.4 - Remote Code Execution
CVE-2006-1595 EXPLOITDB text WRITEUP
Claroline < 1.7.4 - Cross-Site Scripting and Arbitrary File Read via rqmkhtml.php File Parameter
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-2006-1595 EXPLOITDB text WRITEUP
Claroline < 1.7.4 - Cross-Site Scripting and Arbitrary File Read via rqmkhtml.php File Parameter
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-2006-3364 EXPLOITDB php WORKING POC
BLOG:CMS < 4.0.0k - SQL Injection via NP_SEO Plugin id Parameter
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-105832 EXPLOITDB text WORKING POC
Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting
EIP-2026-105680 EXPLOITDB php WORKING POC
Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin
CVE-2006-3065 EXPLOITDB php WORKING POC
blur6ex 0.3.462 - SQL Injection via ID Parameter in Blog Shard
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
CVE-2006-3105 EXPLOITDB php WORKING POC
Bitweaver 1.3 - HTTP Response Splitting
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CVE-2006-3996 EXPLOITDB php WORKING POC
ATutor < 1.5.3.1 - Authenticated SQL Injection via Desc or Asc Parameters
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
CVE-2005-2951 EXPLOITDB php WORKING POC
AzDGDatingLite 2.1.3 - Remote Code Execution via Directory Traversal in l Parameter
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
CVE-2005-4155 EXPLOITDB php WORKING POC
ATutor 1.5.1 pl2 - SQL Injection via NULL-Terminated Email Address
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
CVE-2005-2956 EXPLOITDB text WRITEUP
ATutor 1.5.1 - Unauthenticated Sensitive Information Exposure via Predictable Chat Log Filenames
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
CVE-2005-2954 EXPLOITDB text WORKING POC
ATutor - SQL Injection via Password Reminder Email Field
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
EIP-2026-105270 EXPLOITDB text WRITEUP
Asn Guestbook 1.5 - 'header.php?version' Cross-Site Scripting
EIP-2026-105269 EXPLOITDB text WRITEUP
Asn Guestbook 1.5 - 'footer.php?version' Cross-Site Scripting
EIP-2026-104631 EXPLOITDB php WORKING POC
ADODB < 4.70 - 'tmssql.php' Denial of Service
EIP-2026-104962 EXPLOITDB php WORKING POC
ADODB < 4.70 (PHPOpenChat 3.0.x) - 'Server.php' SQL Injection
CVE-2006-0852 EXPLOITDB perl WORKING POC
devscripts admbook < 1.2.2 - Remote Code Execution via X-Forwarded-For Header Injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.