Alemin_Krali

8 exploits Active since Dec 2004
CVE-2008-6977 EXPLOITDB text WORKING POC
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2008-6977 EXPLOITDB text WRITEUP
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2004-1553 EXPLOITDB text WORKING POC
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
CVE-2004-1553 EXPLOITDB text WRITEUP
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
CVE-2008-1462 EXPLOITDB text WRITEUP
RunCMS - Section Module < SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2008-6978 EXPLOITDB text WRITEUP
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
CVE-2008-6978 EXPLOITDB text WORKING POC
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
CVE-2008-2832 EXPLOITDB text WORKING POC
aspWebCalendar 2008 - Unauthenticated Arbitrary File Upload and Remote Code Execution via FILE1 Parameter
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.