AmnPardaz Security Research Team

76 exploits Active since Jul 2007
CVE-2008-2878 EXPLOITDB WORKING POC
Academic Web Tools < 1.4.2.8 - Open Redirect via rss_getfile.php file Parameter
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
CVE-2008-2967 EXPLOITDB WORKING POC
Academic Web Tools < 1.4.2.8 - Cross-Site Scripting via Query String and glb_sid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.
CVE-2008-2968 EXPLOITDB WORKING POC
Academic Web Tools < 1.4.2.8 - SQL Injection via rating.php book_id Parameter
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
CVE-2008-2969 EXPLOITDB WORKING POC
Academic Web Tools <= 1.4.2.8 - Path Traversal via dfile Parameter
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
CVE-2008-6673 EXPLOITDB WORKING POC
QuickerSite 1.8.5 - Unauthenticated Administrative Functionality Access
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.
CVE-2008-6674 EXPLOITDB WORKING POC
QuickerSite 1.8.5 - Denial of Service via mailPage.asp sEmail Parameter
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
CVE-2008-6675 EXPLOITDB WORKING POC
QuickerSite 1.8.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
CVE-2008-6676 EXPLOITDB WORKING POC
QuickerSite 1.8.5 - Information Disclosure via showThumb.aspx
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
CVE-2008-6677 EXPLOITDB WORKING POC
QuickerSite 1.8.5 - Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2010-4894 EXPLOITDB text WRITEUP
chillyCMS 1.1.3 - SQL Injection via Name Parameter
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0963 EXPLOITDB text WRITEUP
PHPRunner < 4.2 - SQL Injection via SearchField Parameter
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
CVE-2008-7208 EXPLOITDB text WRITEUP
OneCMS < 2.4 - SQL Injection via Username or User Parameter
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
CVE-2008-2186 EXPLOITDB text WRITEUP
Cilekyazilim Chicomas - XSS
Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2008-1907 EXPLOITDB text WRITEUP
cpCommerce 1.1.0 - SQL Injection via id_product, id_manufacturer, or id_category Parameter
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
CVE-2008-1906 EXPLOITDB text WRITEUP
cpCommerce 1.1.0 - Cross-Site Scripting via Calendar Year Parameter
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
CVE-2008-1895 EXPLOITDB text WORKING POC
Carbon Communities <2.4 - SQL Injection
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.
CVE-2007-6650 EXPLOITDB text WRITEUP
Bitweaver R2 - Unrestricted File Upload
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
CVE-2008-2863 EXPLOITDB text WORKING POC
elinestudio site_composer < 2.6 - Path Traversal via inpCurrFolder Parameter
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
CVE-2008-2862 EXPLOITDB text WORKING POC
eLineStudio Site Composer < 2.6 - SQL Injection via id or template_id Parameter
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
CVE-2008-2861 EXPLOITDB text WORKING POC
eLineStudio Site Composer <= 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
CVE-2008-2842 EXPLOITDB text WORKING POC
doitlive/cms < 2.50 - Cross-Site Scripting via FILE Parameter
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
CVE-2008-2022 EXPLOITDB text WORKING POC
MegaBBS 2.2 - Cross-Site Scripting via toid Parameter
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
CVE-2008-1992 EXPLOITDB text WORKING POC
Acidcat CMS 3.4.1 - Info Disclosure
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.
CVE-2008-1991 EXPLOITDB text WORKING POC
Acidcat CMS 3.4.1 - Cross-Site Scripting via admin_colors_swatch.asp field Parameter
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
CVE-2008-1990 EXPLOITDB text WORKING POC
Acidcat CMS 3.4.1 - SQL Injection via cID or Username Parameter
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.