spabam

17 exploits, active since Feb 2001
CVE-2002-0061 EXPLOITDB perl WORKING POC
Apache HTTP Server < 1.3.24 - Remote Code Execution via Shell Metacharacter Injection
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
CVE-2002-0082 EXPLOITDB c WORKING POC
Apache-SSL < 1.3.22+1.46 and mod_ssl < 2.8.7-1.3.23 - Remote Code Execution via Large Client Certificate
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
CVE-2002-0082 EXPLOITDB c WORKING POC
Apache-SSL < 1.3.22+1.46 and mod_ssl < 2.8.7-1.3.23 - Remote Code Execution via Large Client Certificate
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
EIP-2026-114497 EXPLOITDB perl WORKING POC
YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion
CVE-2004-1535 EXPLOITDB perl WORKING POC
phpBB Cash Mod - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
CVE-2001-1471 EXPLOITDB HIGH perl WORKING POC
phpbb < 1.4.0 - Authenticated Remote Code Execution via Invalid Language Value
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
CVSS 8.8
EIP-2026-109814 EXPLOITDB perl WORKING POC
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
EIP-2026-107404 EXPLOITDB perl WORKING POC
GFHost PHP GMail - Remote Command Execution
CVE-2001-0985 EXPLOITDB perl WORKING POC
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
EIP-2026-100902 EXPLOITDB perl WORKING POC
Stockman Shopping Cart 7.8 - Arbitrary Command Execution
CVE-2001-1502 EXPLOITDB perl WORKING POC
Mountain Network Systems WebCart 8.4 - Command Injection
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
CVE-2001-0075 EXPLOITDB perl WORKING POC
Technote - Directory Traversal via Filename Parameter
Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter.
CVE-2003-1425 EXPLOITDB perl WORKING POC
cPanel 5.0 - Remote Code Execution via Guestbook.cgi Template Parameter
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2003-0243 EXPLOITDB perl WORKING POC
Happycgi.com Happymall 4.3 and 4.4 - Remote Command Execution via File Parameter in normal_html.cgi or member_html.cgi
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
CVE-2003-0243 EXPLOITDB perl WORKING POC
Happycgi.com Happymall 4.3 and 4.4 - Remote Command Execution via File Parameter in normal_html.cgi or member_html.cgi
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
CVE-2004-2275 EXPLOITDB perl WORKING POC
i-mall.cgi - Remote Command Execution via p Parameter
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters in the p parameter.
EIP-2026-100885 EXPLOITDB perl WORKING POC
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)