y3dips

11 exploits Active since Mar 2005
CVE-2007-0497 EXPLOITDB text WRITEUP
Upload-Service 1.0 - RCE
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
CVE-2005-1135 EXPLOITDB text WRITEUP
Simple PHP Blog <0.4.0 - XSS
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-0691 EXPLOITDB perl SCANNER
PHP - RCE
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0780 EXPLOITDB text WRITEUP
paFileDB <3.1 - Info Disclosure
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
CVE-2007-0881 EXPLOITDB text WORKING POC
OPENi-CMS 1.0 - RCE
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
EIP-2026-106963 EXPLOITDB text WRITEUP
Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-0677 EXPLOITDB text WORKING POC
Cadre PHP Framework <20020724 - RCE
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
EIP-2026-105422 EXPLOITDB text WORKING POC
BBS E-Market Professional - Full Path Disclosure / File Inclusion
CVE-2006-3353 EXPLOITDB text WORKING POC
Opera 9 - DoS
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
EIP-2026-103404 EXPLOITDB perl WORKING POC
Apache James Server 2.2 - SMTP Denial of Service
EIP-2026-101262 EXPLOITDB python WORKING POC
Edimax IC-3030iWn - UDP Packet Password Information Disclosure