AkaStep

47 exploits, active since May 2012
EIP-2026-109591 EXPLOITDB text WRITEUP
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
CVE-2012-4254 EXPLOITDB text WRITEUP
Mysqldumper - Information Disclosure
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
CVE-2012-4251 EXPLOITDB text WRITEUP
Mysqldumper - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
CVE-2012-4251 EXPLOITDB text WRITEUP
Mysqldumper - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
EIP-2026-109805 EXPLOITDB php WORKING POC
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
CVE-2012-4252 EXPLOITDB text WRITEUP
Mysqldumper - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
CVE-2012-4251 EXPLOITDB text WRITEUP
Mysqldumper - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
CVE-2012-4251 EXPLOITDB text WRITEUP
Mysqldumper - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
CVE-2012-4253 EXPLOITDB text WRITEUP
Mysqldumper - Path Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter to learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
EIP-2026-107432 EXPLOITDB text WORKING POC
Glossword 1.8.3 - SQL Injection
EIP-2026-105867 EXPLOITDB text WORKING POC
CKEditor 4.0.1 - Multiple Vulnerabilities
EIP-2026-106176 EXPLOITDB text WRITEUP
Cotonti - 'admin.php' SQL Injection
EIP-2026-106129 EXPLOITDB text WRITEUP
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
EIP-2026-106122 EXPLOITDB perl WORKING POC
Concrete CMS < 5.5.21 - Multiple Vulnerabilities
EIP-2026-105944 EXPLOITDB text WORKING POC
ClipShare 4.1.4 - Multiple Vulnerabilities
EIP-2026-105865 EXPLOITDB text WORKING POC
CKEditor - 'posteddata.php' Cross-Site Scripting
CVE-2012-2919 EXPLOITDB text WRITEUP
Chevereto 1.9.1 - Path Traversal
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
CVE-2012-2918 EXPLOITDB text WRITEUP
Chevereto 1.91 - XSS
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
EIP-2026-105346 EXPLOITDB text WORKING POC
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
EIP-2026-105059 EXPLOITDB text WRITEUP
Ajaxmint Gallery 1.0 - Local File Inclusion
CVE-2012-4253 EXPLOITDB text WRITEUP
Mysqldumper - Path Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter to learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
EIP-2026-103915 EXPLOITDB text WRITEUP
Greenstone - Multiple Vulnerabilities