Albert Puigsech Galicia - Security Researcher - Exploit Intelligence Platform

CVE-2004-1166 EXPLOITDB text WORKING POC

Microsoft IE - Code Injection

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

View Code

EIP-2026-111214 EXPLOITDB text WORKING POC

PHPSysInfo 2.0/2.1 - 'index.php' File Disclosure

View Code

CVE-2003-0536 EXPLOITDB text WORKING POC

phpsysinfo <= 2.1 - Directory Traversal via Template or Language Parameter

Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.

View Code

CVE-2004-0269 EXPLOITDB text WRITEUP

PHP-Nuke <= 6.9 - SQL Injection via Search Category or Web_Links Admin Parameter

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

View Code

CVE-2003-1210 EXPLOITDB text WRITEUP

PHP-Nuke < 6.5 - SQL Injection via Downloads Module Parameters

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

View Code

EIP-2026-110253 EXPLOITDB text WRITEUP

OpenBB 1.0/1.1 - 'index.php' SQL Injection

View Code

EIP-2026-110252 EXPLOITDB text WRITEUP

OpenBB 1.0/1.1 - 'board.php' SQL Injection

View Code

EIP-2026-110254 EXPLOITDB text WRITEUP

OpenBB 1.0/1.1 - 'member.php' SQL Injection

View Code

CVE-2004-1165 EXPLOITDB text WRITEUP

Konqueror 3.3.1 - Command Injection

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

View Code

EIP-2026-101105 EXPLOITDB text WORKING POC

U.S. Robotics USR808054 Wireless Access Point - Web Administration Denial of Service

View Code