rgod

471 exploits Active since Jul 2005
CVE-2007-0639 EXPLOITDB php WORKING POC
GuppY < 4.5.16 - Remote Code Execution via Error Handler Cookie Injection
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
CVE-2006-7079 EXPLOITDB CRITICAL php WORKING POC
exV2 content_management_system < 2.0.4.3 - Remote Code Execution via $xoopsOption['pagetype'] Variable Manipulation
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
CVSS 9.8
CVE-2006-1831 EXPLOITDB php WORKING POC
sysinfo 1.21 - Remote Code Execution via Name Parameter in systemdoc Action
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.
CVE-2006-1819 EXPLOITDB php WORKING POC
phpwebsite < 0.10.2 - Directory Traversal and Remote Code Execution via hub_dir Parameter
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
CVE-2006-1779 EXPLOITDB php WORKING POC
simplog < 0.9.2 - Cross-Site Scripting via btag Parameter
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.
CVE-2006-1778 EXPLOITDB php WORKING POC
simplog < 0.9.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.
CVE-2006-1777 EXPLOITDB php WORKING POC
simplog < 0.9.2 - Remote File Inclusion via Directory Traversal in s Parameter
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
CVE-2006-1776 EXPLOITDB php WORKING POC
simplog < 0.9.2 - Remote File Inclusion via s Parameter
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter.
CVE-2006-6799 EXPLOITDB php WORKING POC
Cacti < 0.8.6i - SQL Injection via cmd.php Arguments
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
CVE-2006-0147 EXPLOITDB php WORKING POC
ADOdb for PHP < 4.70 - Remote Code Execution via tests/tmssql.php do Parameter
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
CVE-2007-2430 EXPLOITDB php WORKING POC
tcexam < 4.0.011 - Unauthenticated Arbitrary File Write via SessionUserLang Cookie
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
CVE-2007-2079 EXPLOITDB php WORKING POC
XAMPP < 1.6.0a - Remote Code Execution via ADONewConnection Host Parameter
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.
CVE-2006-6879 EXPLOITDB php WORKING POC
php-update < 2.7 - Authenticated Arbitrary File Upload via userfile Parameter
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
CVE-2006-4043 EXPLOITDB php WORKING POC
myWebland myBloggie <2.1.4 - Info Disclosure
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
CVE-2006-3571 EXPLOITDB php WORKING POC
papoo < 3 RC3 - Cross-Site Scripting via Hilfe.php Titel or Ausgabe Parameters
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
CVE-2006-3362 EXPLOITDB php WORKING POC
FCKeditor mcpuk - Unrestricted File Upload
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
CVE-2006-3102 EXPLOITDB php WORKING POC
bitweaver 1.3 - Remote Code Execution via Double Extension File Upload
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
CVE-2006-1669 EXPLOITDB php WORKING POC
phpHeaven Team PHPMyChat <0.14.5 - SQL Injection
SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.
CVE-2006-1596 EXPLOITDB php WORKING POC
Claroline <= 1.7.4 - Remote File Inclusion via includePath Parameter
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.
CVE-2006-1595 EXPLOITDB php WORKING POC
Claroline < 1.7.4 - Cross-Site Scripting and Arbitrary File Read via rqmkhtml.php File Parameter
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-2006-1594 EXPLOITDB php WORKING POC
Claroline < 1.7.4 - Directory Traversal and Remote Code Execution via File Parameter
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.
CVE-2006-1347 EXPLOITDB php WORKING POC
gCards < 1.45 - SQL Injection via Username Parameter
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-1346 EXPLOITDB php WORKING POC
gCards < 1.45 - Remote File Inclusion via Directory Traversal in lang Parameter
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
CVE-2005-4218 EXPLOITDB php WORKING POC
phpwebthings 1.4 - SQL Injection via Forum Message Parameter
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
CVE-2014-0763 METASPLOIT ruby WORKING POC
Advantech WebAccess < 7.1 - SQL Injection via DBVisitor.dll SOAP Interface
An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code.