spabam

17 exploits, active since Feb 2001
CVE-2002-0061 EXPLOITDB perl WORKING POC
Apache HTTP Server < 1.3.24 - OS Command Injection
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
CVE-2002-0082 EXPLOITDB c WORKING POC
Apache-ssl - Buffer Overflow
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
CVE-2002-0082 EXPLOITDB c WORKING POC
Apache-ssl - Buffer Overflow
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
EIP-2026-114497 EXPLOITDB perl WORKING POC
YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion
CVE-2004-1535 EXPLOITDB perl WORKING POC
phpBB - RCE
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
CVE-2001-1471 EXPLOITDB HIGH perl WORKING POC
phpBB 1.4.0 - Authenticated RCE
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
CVSS 8.8
EIP-2026-109814 EXPLOITDB perl WORKING POC
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
EIP-2026-107404 EXPLOITDB perl WORKING POC
GFHost PHP GMail - Remote Command Execution
CVE-2001-0985 EXPLOITDB perl WORKING POC
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
EIP-2026-100902 EXPLOITDB perl WORKING POC
Stockman Shopping Cart 7.8 - Arbitrary Command Execution
CVE-2001-1502 EXPLOITDB perl WORKING POC
Mountain Network Systems WebCart 8.4 - Command Injection
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
CVE-2001-0075 EXPLOITDB perl WORKING POC
Technote - Path Traversal
Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter.
CVE-2003-1425 EXPLOITDB perl WORKING POC
cPanel - Improper Input Validation
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2003-0243 EXPLOITDB perl WORKING POC
Happycgi.com Happymall <4.4 - RCE
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
CVE-2003-0243 EXPLOITDB perl WORKING POC
Happycgi.com Happymall <4.4 - RCE
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
CVE-2004-2275 EXPLOITDB perl WORKING POC
I-Mall Commerce - RCE
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters in the p parameter.
EIP-2026-100885 EXPLOITDB perl WORKING POC
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)