rgod

471 exploits Active since Jul 2005
CVE-2006-0899 EXPLOITDB php WORKING POC
4images image_gallery_management_system < 1.7.1 - Directory Traversal via Template Parameter
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
CVE-2005-3390 EXPLOITDB php WORKING POC
PHP 4.x-4.4.0 and 5.x-5.0.5 - Remote Code Execution via RFC1867 File Upload GLOBALS Overwrite
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
CVE-2013-4810 EXPLOITDB CRITICAL php WORKING POC
HP ProCurve Manager and Application Lifecycle Management - Remote Code Execution via Marshalled Object
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
CVSS 9.8
CVE-2005-3929 EXPLOITDB php WORKING POC
Xaraya 1.0 - Directory Traversal and Arbitrary File Write via Module Parameter
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
CVE-2017-17417 EXPLOITDB CRITICAL text WORKING POC
Quest NetVault Backup 11.3.0.12 - SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
CVSS 9.8
CVE-2014-3914 EXPLOITDB ruby WORKING POC
Rocket ServerGraph 1.2 - Path Traversal
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
CVE-2014-1649 EXPLOITDB ruby WORKING POC
Symantec Workspace Streaming <7.5.0.749 - SSRF
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
EIP-2026-103926 EXPLOITDB ruby WORKING POC
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)
CVE-2007-1412 EXPLOITDB php WORKING POC
PHP - Information Disclosure via cpdf_open Function
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
EIP-2026-103104 EXPLOITDB php WORKING POC
e107 < 0.6172 - 'resetcore.php' SQL Injection
CVE-2013-6221 EXPLOITDB ruby WORKING POC
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
EIP-2026-102512 EXPLOITDB php WORKING POC
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
EIP-2026-102349 EXPLOITDB ruby WORKING POC
SolarWinds Storage Manager - Authentication Bypass (Metasploit)
EIP-2026-102495 EXPLOITDB text WORKING POC
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
EIP-2026-102467 EXPLOITDB php WORKING POC
CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities
EIP-2026-102347 EXPLOITDB ruby WORKING POC
Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)
CVE-2013-5486 EXPLOITDB ruby WORKING POC
DCNM-SAN Server <6.2(1) - Path Traversal
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
EIP-2026-102466 EXPLOITDB ruby WORKING POC
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)
CVE-2012-4876 EXPLOITDB text WORKING POC
TRENDnet SecurView TV-IP121WN - Buffer Overflow
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
CVE-2012-5306 EXPLOITDB text WORKING POC
Camera Stream Client < - Buffer Overflow
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.
CVE-2006-1832 EXPLOITDB php WORKING POC
sysinfo 1.21 - Information Disclosure via debugger Action
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.