Exploitdb Exploits

1,269 exploits tracked across all sources.

CVE-2006-7116 EXPLOITDB php VERIFIED
Kubix < 0.7 - SQL Injection
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
by BlackHawk
CVE-2006-7117 EXPLOITDB php VERIFIED
Kubix < 0.7 - Path Traversal
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
by BlackHawk
EIP-2026-106469 EXPLOITDB php VERIFIED
Discuz! 4.x - SQL Injection / Admin Credentials Disclosure
by rgod
EIP-2026-103629 EXPLOITDB php VERIFIED
PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC)
by Nick Kezhaya
CVE-2006-6237 EXPLOITDB php VERIFIED
Woltlab Burning Board Lite - SQL Injection
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
by rgod
CVE-2006-6289 EXPLOITDB php VERIFIED
Woltlab Burning Board Lite <1.0.2 - SQL Injection
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
by rgod
CVE-2006-6280 EXPLOITDB php VERIFIED
Oxygen O2PHP BB <1.1.3 - SQL Injection
SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572.
by DarkFig
EIP-2026-109486 EXPLOITDB php VERIFIED
miniCWB 1.0.0 - 'contact.php' Local File Inclusion
by Kacper
CVE-2006-6391 EXPLOITDB php VERIFIED
Open Solution Quick.Cart 2.0 - Path Traversal
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Kacper
CVE-2006-5894 EXPLOITDB php VERIFIED
Rama Cms < 0.68 - Path Traversal
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
by Kacper
CVE-2006-7101 EXPLOITDB php VERIFIED
Phpwind < 5.0.1 - SQL Injection
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.
by rgod
EIP-2026-111235 EXPLOITDB php VERIFIED
PHPWCMS 1.2.6 - Cookie: wcs_user_lang Local File Inclusion
by Kacper
CVE-2006-7169 EXPLOITDB php VERIFIED
Ultimate PHP Board <2.0 - RCE
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.
by Kacper
CVE-2006-5834 EXPLOITDB php VERIFIED
Opensolution Quick.cms.lite - Path Traversal
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
by Kacper
CVE-2006-7112 EXPLOITDB php VERIFIED
Maxdev Mdpro < 1.0.76 - Path Traversal
Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
by Kacper
CVE-2006-5786 EXPLOITDB php VERIFIED
E107 - Path Traversal
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
by Kacper
CVE-2006-5733 EXPLOITDB php VERIFIED
Postnuke < 0.763 - Path Traversal
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
by Kacper
CVE-2006-5731 EXPLOITDB php VERIFIED
Lithium Cms < 4.04c - Path Traversal
Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php.
by Kacper
EIP-2026-107931 EXPLOITDB php VERIFIED
Invision Power Board 2.1.7 - 'Debug' Remote Password Change
by Rapigator
EIP-2026-107846 EXPLOITDB php VERIFIED
Innovate Portal 2.0 - 'acp.php' Remote Code Execution
by Kacper
CVE-2006-5732 EXPLOITDB php VERIFIED
Tgs Cms < 0.1.7 - SQL Injection
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
by Kacper
CVE-2006-5720 EXPLOITDB php VERIFIED
Francisco Burzi Php-nuke < 7.9 - SQL Injection
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
by Paisterist
CVE-2006-5665 EXPLOITDB php VERIFIED
Spider Friendly <1.3.10 - RCE
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Kacper
CVE-2006-6938 EXPLOITDB php VERIFIED
Nitrotech - Path Traversal
Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
by Kacper
CVE-2006-5672 EXPLOITDB php VERIFIED
MySource CMS <2.16.2 - RCE
PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.
by Kacper