4 new exploits

ATutor 1.5.3.1 - (links) Blind SQL Injection
ATutor 1.5.3.1 - 'links' Blind SQL Injection

Mihalism Multi Host 2.0.7 - download.php Remote File Disclosure
Mihalism Multi Host 2.0.7 - 'download.php' Remote File Disclosure

IBM Domino Web Access Upload Module - inotes6.dll Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow

WebPortal CMS 0.6.0 - (index.php m) SQL Injection
WebPortal CMS 0.6.0 - 'index.php' SQL Injection

samPHPweb - 'db.php commonpath' Remote File Inclusion
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion

samPHPweb - 'songinfo.php' SQL Injection
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection

ATutor 1.6.1-pl1 - (import.php) Remote File Inclusion
ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion

The Matt Wright Guestbook.pl 2.3.1 - Server Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

html2ps - 'include file' Server Side Include Directive Directory Traversal
html2ps - 'include file' Server-Side Include Directive Directory Traversal

ClanSphere 2011.3 - (cs_lang cookie Parameter) Local File Inclusion
ClanSphere 2011.3 - 'cs_lang' Cookie Parameter Local File Inclusion

Imatix Xitami 2.5 - Server Side Includes Cross-Site Scripting
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

Flatnux CMS 2013-01.17 - (index.php theme Parameter) Local File Inclusion
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion

Network Weathermap 0.97a - (editor.php) Persistent Cross-Site Scripting
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting

ATutor 1.4.3 - browse.php show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - contact.php subject Parameter Cross-Site Scripting
ATutor 1.4.3 - content.php cid Parameter Cross-Site Scripting
ATutor 1.4.3 - send_message.php l Parameter Cross-Site Scripting
ATutor 1.4.3 - search.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - inbox/index.php view Parameter Cross-Site Scripting
ATutor 1.4.3 - tile.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - subscribe_forum.php us Parameter Cross-Site Scripting
ATutor 1.4.3 - Directory.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'browse.php' show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - 'contact.php' subject Parameter Cross-Site Scripting
ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting
ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting
ATutor 1.4.3 - 'search.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting
ATutor 1.4.3 - 'tile.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting
ATutor 1.4.3 - 'Directory.php' Multiple Parameter Cross-Site Scripting

Cuppa CMS - 'alertConfigField.php urlConfig Parameter' Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion

Novell Zenworks Mobile Device Managment - Local File Inclusion (Metasploit)
Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)

Weathermap 0.97c - (editor.php mapname Parameter) Local File Inclusion
Weathermap 0.97c - 'mapname' Parameter Local File Inclusion

ATutor 1.5.1 - password_reminder.php SQL Injection
ATutor 1.5.1 - 'password_reminder.php' SQL Injection

ATutor 1.x - forum.inc.php Arbitrary Command Execution
ATutor 1.x - body_header.inc.php section Parameter Local File Inclusion
ATutor 1.x - print.php section Parameter Remote File Inclusion
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion
ATutor 1.x - 'print.php' section Parameter Remote File Inclusion

ATutor 1.5.x - create_course.php Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - documentation/admin/index.php Cross-Site Scripting
ATutor 1.5.x - password_reminder.php forgot Parameter Cross-Site Scripting
ATutor 1.5.x - users/browse.php cat Parameter Cross-Site Scripting
ATutor 1.5.x - 'create_course.php' Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting
ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting
ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting

Zimbra - Privilegie Escalation (via Local File Inclusion)
Zimbra 2009-2013 - Local File Inclusion

Zimbra Collaboration Server - Local File Inclusion (Metasploit)
Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - (browse.php file Parameter) Local File Inclusion
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

Cart Engine 3.0.0 - (task.php) Local File Inclusion
Cart Engine 3.0.0 - 'task.php' Local File Inclusion

Kemana Directory 1.5.6 - (run Parameter) Local File Inclusion
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion

Railo - Remote File Inclusion (Metasploit)
Railo 4.2.1 - Remote File Inclusion (Metasploit)

LittleSite 0.1 - 'file' Parameter Local File Inclusion
LittleSite 0.1 - 'index.php' Local File Inclusion

OSClass 3.4.1 - (index.php file Parameter) Local File Inclusion
OSClass 3.4.1 - 'index.php' Local File Inclusion

Magento Server MAGMI Plugin - Remote File Inclusion
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion

Cacti Superlinks Plugin 1.4-2 - Remote Code Execution (via Local File Inclusion + SQL Injection)
Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion

Lotus Mail Encryption Server (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)

u5CMS 3.9.3 - (thumb.php) Local File Inclusion
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion

openSIS - 'modname' Parameter Local File Inclusion
ATutor - 'tool_file' Parameter Local File Inclusion
openSIS 5.1 - 'ajax.php' Local File Inclusion
ATutor 2.1 - 'tool_file' Parameter Local File Inclusion

Fork CMS - 'file' Parameter Local File Inclusion
Fork CMS - 'js.php' Local File Inclusion

HP Insight Diagnostics - Local File Inclusion
HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion

phpVibe - Information Disclosure / Remote File Inclusion
phpVibe 3.1 - Information Disclosure / Remote File Inclusion

CakePHP - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion

TomatoCart - 'install/rpc.php' Local File Inclusion
TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion

NeoBill - /install/index.php language Parameter Traversal Local File Inclusion
NeoBill 0.9-alpha - 'language' Parameter Local File Inclusion

iScripts AutoHoster - /websitebuilder/showtemplateimage.php tmpid Parameter Traversal Local File Inclusion
iScripts AutoHoster - /admin/downloadfile.php fname Parameter Traversal Local File Inclusion
iScripts AutoHoster - /support/admin/csvdownload.php id Parameter Traversal Local File Inclusion
iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion
iScripts AutoHoster - 'fname' Parameter Local File Inclusion
iScripts AutoHoster - 'id' Parameter Local File Inclusion

AFCommerce - /afcontrol/adblock.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/adminpassword.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/controlheader.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - 'adblock.php' Remote File Inclusion
AFCommerce - 'adminpassword.php' Remote File Inclusion
AFCommerce - 'controlheader.php' Remote File Inclusion

xBoard - 'post' Parameter Local File Inclusion
xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion

BloofoxCMS - /admin/include/inc_settings_editor.php fileurl Parameter Local File Inclusion
BloofoxCMS 0.5.0 - 'fileurl' Parameter Local File Inclusion

Rips Scanner 0.5 - (code.php) Local File Inclusion
Rips Scanner 0.5 - 'code.php' Local File Inclusion

MeiuPic - 'ctl' Parameter Local File Inclusion
MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion

qEngine - 'run' Parameter Local File Inclusion
qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion

WordPress Plugin BookX - 'includes/bookx_export.php' Local File Inclusion
WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion

Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery
Alfresco - /proxy endpoint Parameter Server-Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery

CMSimple - Remote file Inclusion
CMSimple 4.4.4 - Remote file Inclusion

VoipSwitch - 'action' Parameter Local File Inclusion
VoipSwitch - 'user.php' Local File Inclusion

Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String

vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery

Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)
EC-CUBE 2.12.6 - Server-Side Request Forgery
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management