AmnPardaz Security Research Team

76 exploits Active since Jul 2007
CVE-2008-2681 EXPLOITDB text WRITEUP
Realm CMS < 2.3 - Exposure of Sensitive Information via Direct Request to _db/compact.asp
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
CVE-2008-2680 EXPLOITDB text WRITEUP
Realm CMS < 2.3 - Cross-Site Scripting via CmpctedDB or Boyut Parameters
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
CVE-2008-2679 EXPLOITDB text WRITEUP
Realm CMS < 2.3 - SQL Injection via KeyWordsList kwrd Parameter
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
CVE-2008-0473 EXPLOITDB text WRITEUP
Web Wiz Rich Text Editor 4.0 - Unauthenticated Arbitrary File Upload via RTE_popup_save_file.asp
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
CVE-2008-0466 EXPLOITDB text WRITEUP
Web Wiz Rich Text Editor 4.0, Forums 9.07, Newspad 1.02 - Unauthenticated Directory Listing & File Read
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
CVE-2008-0466 EXPLOITDB text WRITEUP
Web Wiz Rich Text Editor 4.0, Forums 9.07, Newspad 1.02 - Unauthenticated Directory Listing & File Read
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
CVE-2008-0427 EXPLOITDB text WRITEUP
bloofoxCMS 0.3 - Path Traversal via File Parameter
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2010-1078 EXPLOITDB text WRITEUP
XlentProjects SphereCMS 1.1 - SQL Injection
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.
CVE-2008-2970 EXPLOITDB text WORKING POC
Academic Web Tools < 1.4.2.8 - Session Fixation via PHPSESSID Parameter
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
EIP-2026-113129 EXPLOITDB text WRITEUP
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
EIP-2026-112781 EXPLOITDB text WRITEUP
TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload
EIP-2026-112718 EXPLOITDB text WRITEUP
Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)
EIP-2026-111898 EXPLOITDB text WORKING POC
saspcms 0.9 - Multiple Vulnerabilities
CVE-2008-6678 EXPLOITDB text WORKING POC
QuickerSite 1.8.5 - SQL Injection via sNickName Parameter
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
CVE-2008-2682 EXPLOITDB text WRITEUP
Realm CMS 2.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2008-3194 EXPLOITDB text WORKING POC
pluck 4.5.1 - Path Traversal via langpref file blogpost or cat Parameter
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
CVE-2008-2753 EXPLOITDB text WORKING POC
Pooya Site Builder 6.0 - SQL Injection via xslIdn or part Parameter
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
CVE-2009-0964 EXPLOITDB HIGH text WRITEUP
PHPRunner < 4.2 - Cleartext Storage of Sensitive Information in Database
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
CVSS 7.5
EIP-2026-111115 EXPLOITDB php WORKING POC
phpList 2.10.x - Remote Code Execution / Local File Inclusion
CVE-2009-0422 EXPLOITDB text WORKING POC
phplist < 2.10.8 - Remote Code Execution via _SERVER[ConfigFile] Parameter
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
EIP-2026-110550 EXPLOITDB text WORKING POC
Persia BME E-Catalogue - SQL Injection
CVE-2008-7209 EXPLOITDB text WRITEUP
OneCMS < 2.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via a_upload.php
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory.
CVE-2008-0094 EXPLOITDB text WORKING POC
Modxcms - Path Traversal
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
EIP-2026-109742 EXPLOITDB text WORKING POC
MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities
EIP-2026-109545 EXPLOITDB text WRITEUP
MODx CMS 0.9.6.1 - Multiple Vulnerabilities