rgod

470 exploits Active since Jul 2005
CVE-2005-3010 EXPLOITDB php WORKING POC
CuteNews <1.4.0 - Code Injection
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
EIP-2026-106272 EXPLOITDB text WORKING POC
CubeCart 3.0.x - Multiple Input Validation Vulnerabilities
CVE-2006-4267 EXPLOITDB php WORKING POC
Devellion Cubecart - SQL Injection
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
CVE-2006-0644 EXPLOITDB php WORKING POC
Cpg-nuke Dragonfly Cms - Path Traversal
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
EIP-2026-106169 EXPLOITDB php WORKING POC
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
CVE-2006-0583 EXPLOITDB php WORKING POC
Clever Copy - SQL Injection
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
EIP-2026-105887 EXPLOITDB php WORKING POC
Class-1 Forum 0.24.4 - Remote Code Execution
CVE-2006-1595 EXPLOITDB text WRITEUP
Claroline <1.7.4 - XSS
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-2006-1595 EXPLOITDB text WRITEUP
Claroline <1.7.4 - XSS
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-2006-3364 EXPLOITDB php WORKING POC
BLOG:CMS <4.1.0 - SQL Injection
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-105832 EXPLOITDB text WORKING POC
Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting
EIP-2026-105680 EXPLOITDB php WORKING POC
Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin
CVE-2006-3065 EXPLOITDB php WORKING POC
blur6ex 0.3.462 - SQL Injection
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
CVE-2006-3105 EXPLOITDB php WORKING POC
Bitweaver 1.3 - HTTP Response Splitting
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CVE-2006-3996 EXPLOITDB php WORKING POC
Adaptive Technology Resource Centre Atutor < 1.5.3.1 - SQL Injection
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
CVE-2005-2951 EXPLOITDB php WORKING POC
AzDGDatingLite <2.1.3 - RCE
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
CVE-2005-4155 EXPLOITDB php WORKING POC
ATutor 1.5.1 pl2 - SQL Injection
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
CVE-2005-2956 EXPLOITDB text WRITEUP
ATutor <1.5.1 - Info Disclosure
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
CVE-2005-2954 EXPLOITDB text WORKING POC
ATutor <1.5.1 - SQL Injection
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
EIP-2026-105270 EXPLOITDB text WRITEUP
Asn Guestbook 1.5 - 'header.php?version' Cross-Site Scripting
EIP-2026-105269 EXPLOITDB text WRITEUP
Asn Guestbook 1.5 - 'footer.php?version' Cross-Site Scripting
EIP-2026-104631 EXPLOITDB php WORKING POC
ADODB < 4.70 - 'tmssql.php' Denial of Service
EIP-2026-104962 EXPLOITDB php WORKING POC
ADODB < 4.70 (PHPOpenChat 3.0.x) - 'Server.php' SQL Injection
CVE-2006-0852 EXPLOITDB perl WORKING POC
Admbook <1.2.2 - Code Injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
CVE-2006-0899 EXPLOITDB php WORKING POC
4images Image Gallery Management System < 1.7.1 - Path Traversal
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.