rgod

471 exploits Active since Jul 2005
EIP-2026-116242 EXPLOITDB text WORKING POC
SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
CVE-2007-4814 EXPLOITDB html WORKING POC
Microsoft SQL Server - Buffer Overflow via SQLServer ActiveX Control Start Method
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
CVE-2010-4701 EXPLOITDB php WORKING POC
Microsoft Windows Fax Services Cover Page Editor <5.2 r2 - RCE
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
EIP-2026-116014 EXPLOITDB text WORKING POC
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)
EIP-2026-116015 EXPLOITDB php WORKING POC
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)
EIP-2026-115697 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service
EIP-2026-115333 EXPLOITDB php WORKING POC
Golden FTP server 1.92 - 'USER/PASS' Heap Overflow (PoC)
CVE-2007-4646 EXPLOITDB php WORKING POC
Hexamail Server 3.0.0.001 Lite - Buffer Overflow
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
CVE-2009-3967 EXPLOITDB html WORKING POC
Ed Charkow SuperCharged Linking - SQL Injection
SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-0284 EXPLOITDB text WORKING POC
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
CVE-2007-5219 EXPLOITDB html WORKING POC
CyberLink PowerDVD 7.0 - Path Traversal and Arbitrary File Write via CLAVSetting ActiveX CreateNewFile Method
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.
EIP-2026-114910 EXPLOITDB text WORKING POC
AOL Products downloadUpdater2 Plugin - 'SRC' Remote Code Execution
CVE-2006-6853 EXPLOITDB php WORKING POC
Durian Web Application Server 3.02 - Remote Code Execution via Long String in Crafted TCP Packet
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
CVE-2006-6564 EXPLOITDB php WORKING POC
FileZilla < 0.9.21 - Denial of Service via Malformed STOR Command
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
CVE-2005-3996 EXPLOITDB php WORKING POC
Zen Cart < 1.2.6d - SQL Injection via admin_email Parameter
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
CVE-2013-4835 EXPLOITDB ruby WORKING POC
HP SiteScope 10.1x and 11.x < 11.22 - Unauthenticated Remote Code Execution via APISiteScopeImpl issueSiebelCmd Method
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
CVE-2006-3994 EXPLOITDB php WORKING POC
XMB Forum < 1.9.6_alpha - SQL Injection via u2uid Parameter
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
CVE-2006-4191 EXPLOITDB php WORKING POC
Extreme Message Board < 1.9.6 - Remote File Inclusion via memcp.php langfilenew Parameter
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
CVE-2006-1371 EXPLOITDB php WORKING POC
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 - Authenticated RCE
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
CVE-2005-3681 EXPLOITDB php WORKING POC
XOOPS WF-Downloads 2.05 - SQL Injection via viewcat.php list Parameter
SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVE-2006-2156 EXPLOITDB php WORKING POC
X7 Chat <= 2.0 - Directory Traversal via Help File Parameter
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVE-2006-2516 EXPLOITDB php WORKING POC
XOOPS < 2.0.13.2 - Path Traversal and Arbitrary File Include via xoopsConfig Parameter
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
CVE-2006-3851 EXPLOITDB php WORKING POC
X7 Chat 2.0.4 - SQL Injection via old_prefix Parameter
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
CVE-2007-0233 EXPLOITDB php WORKING POC
WordPress <= 2.0.6 - SQL Injection via tb_id Parameter
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
CVE-2006-6237 EXPLOITDB php WORKING POC
Woltlab Burning Board Lite 1.0.2 - SQL Injection via Thread Visit Cookie Parameter
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.