undefined1_

11 exploits Active since Mar 2006
CVE-2006-6878 EXPLOITDB perl WORKING POC
PHP-Update <2.7 - Privilege Escalation
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
CVE-2006-1667 EXPLOITDB perl WORKING POC
Eric Gerdes Crafty Syntax Image Gallery <3.1g - SQL Injection
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.
CVE-2006-1412 EXPLOITDB perl WORKING POC
TFT Gallery 0.10 - Unauthenticated Sensitive Information Exposure via Direct Request
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
CVE-2006-6879 EXPLOITDB perl WORKING POC
php-update < 2.7 - Authenticated Arbitrary File Upload via userfile Parameter
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
CVE-2006-1422 EXPLOITDB text WORKING POC
PHP Booking Calendar <1.0c - SQL Injection
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2006-1481 EXPLOITDB perl WORKING POC
php_ticket 0.71 - Authenticated SQL Injection via search.php frm_search_in Parameter
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
CVE-2007-5222 EXPLOITDB perl WORKING POC
MAXdev MDPro 1.0.76 - SQL Injection via Referer Header
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
CVE-2007-5222 EXPLOITDB perl WORKING POC
MAXdev MDPro 1.0.76 - SQL Injection via Referer Header
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
CVE-2007-5063 EXPLOITDB perl WORKING POC
Adam Scheinberg Flip <= 3.0 - Unauthenticated Sensitive Information Exposure via Direct Request
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
CVE-2007-5062 EXPLOITDB perl WORKING POC
Adam Scheinberg Flip < 3.0 - Unauthenticated Administrative Account Creation via account.php un Parameter
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action.
CVE-2006-1668 EXPLOITDB perl WORKING POC
Eric Gerdes Crafty Syntax Image Gallery <3.1g - Authenticated RCE
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.