AmnPardaz Security Research Team

76 exploits Active since Jul 2007
CVE-2008-0094 EXPLOITDB text WORKING POC
Modxcms - Path Traversal
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
CVE-2008-3955 EXPLOITDB text WRITEUP
Masir Camp E-Shop Module <3.0 - SQL Injection
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
EIP-2026-107771 EXPLOITDB text WORKING POC
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
CVE-2007-3535 EXPLOITDB text WRITEUP
GL-SH Deaf Forum < 6.4.4 - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
CVE-2008-2864 EXPLOITDB text WORKING POC
eLineStudio Site Composer <= 2.6 - Exposure of Sensitive Information via Direct Request
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
CVE-2008-5792 EXPLOITDB text WRITEUP
Indiscripts Enthusiast <3.1.4 - RCE
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
CVE-2008-1908 EXPLOITDB text WRITEUP
cpCommerce 1.1.0 - Path Traversal via Language or Action Parameter
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
CVE-2007-6651 EXPLOITDB text WRITEUP
bitweaver - Path Traversal via wiki/edit.php suck_url Parameter
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
CVE-2010-4895 EXPLOITDB text WRITEUP
chillyCMS 1.1.3 - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
CVE-2008-5853 EXPLOITDB text WRITEUP
Chilek Content Management System <2.0.4 - Info Disclosure
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
CVE-2008-0428 EXPLOITDB text WRITEUP
bloofoxCMS 0.3 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
EIP-2026-105179 EXPLOITDB text WORKING POC
AneCMS 1.0 - Multiple Local File Inclusions
CVE-2008-1993 EXPLOITDB text WORKING POC
acidcat_cms 3.4.1 - Unauthenticated Arbitrary File Upload via FCKEditor
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.
EIP-2026-104916 EXPLOITDB text WRITEUP
ACollab - Multiple Vulnerabilities
EIP-2026-104187 EXPLOITDB text WRITEUP
Blaze Apps 1.x - SQL Injection / HTML Injection
CVE-2008-4364 EXPLOITDB text WRITEUP
ParsaGostar ParsaWeb CMS - SQL Injection via id or txtSearch Parameter
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
CVE-2008-0481 EXPLOITDB text WRITEUP
Web Wiz Rich Text Editor 4.0 - Path Traversal via RTE_file_browser.asp sub Parameter
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
CVE-2008-0479 EXPLOITDB text WRITEUP
Web Wiz NewsPad 1.02 - Path Traversal via RTE_file_browser.asp Sub Parameter
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
CVE-2008-0480 EXPLOITDB text WRITEUP
Web Wiz Forums < 9.07 - Path Traversal via RTE_file_browser.asp or file_browser.asp Sub Parameter
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
EIP-2026-100603 EXPLOITDB text WRITEUP
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
CVE-2008-2023 EXPLOITDB text WORKING POC
PD9 Software MegaBBS 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
CVE-2008-1896 EXPLOITDB text WORKING POC
Carbon Communities < 2.4 - Cross-Site Scripting via Redirect or OrderBy Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
EIP-2026-100325 EXPLOITDB text WORKING POC
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities
CVE-2008-6644 EXPLOITDB text WORKING POC
DotNetNuke < 4.8.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-2843 EXPLOITDB text WORKING POC
doitlive/cms < 2.50 - SQL Injection via ID Parameter or Licence Cookie
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.