y3dips

11 exploits Active since Mar 2005
CVE-2007-0497 EXPLOITDB text WRITEUP
Upload-Service 1.0 - Remote File Inclusion via maindir Parameter
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
CVE-2005-1135 EXPLOITDB text WRITEUP
Simple PHP Blog 0.4.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-0691 EXPLOITDB perl SCANNER
SocialMPN modules.php - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0780 EXPLOITDB text WRITEUP
paFileDB <= 3.1 - Information Disclosure via Direct Request to Multiple Scripts
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
CVE-2007-0881 EXPLOITDB text WORKING POC
openi-cms - Remote File Inclusion via Seitenschutz Plugin Config Parameters
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
EIP-2026-106963 EXPLOITDB text WRITEUP
Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-0677 EXPLOITDB text WORKING POC
Cadre PHP Framework <20020724 - RCE
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
EIP-2026-105422 EXPLOITDB text WORKING POC
BBS E-Market Professional - Full Path Disclosure / File Inclusion
CVE-2006-3353 EXPLOITDB text WORKING POC
Opera < 9.01 - Denial of Service via Crafted Web Page with Iframe and JavaScript
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
EIP-2026-103404 EXPLOITDB perl WORKING POC
Apache James Server 2.2 - SMTP Denial of Service
EIP-2026-101262 EXPLOITDB python WORKING POC
Edimax IC-3030iWn - UDP Packet Password Information Disclosure