Ams

12 exploits Active since Jul 2008
CVE-2008-4164 EXPLOITDB perl WORKING POC
MemHT Portal <= 3.9.0 - Exposure of Sensitive Information via Direct Request to cron.php
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2009-2023 EXPLOITDB perl WORKING POC
Shop-Script Pro 2.12 - SQL Injection
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
CVE-2008-3150 EXPLOITDB perl WORKING POC
Neutrino Atomic Edition 0.8.4 - Path Traversal
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
CVE-2008-5739 EXPLOITDB python WORKING POC
Pligg CMS 9.9.5 Beta - SQL Injection
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
EIP-2026-110048 EXPLOITDB perl WORKING POC
OneOrZero helpdesk 1.6.x. - Arbitrary File Upload
CVE-2008-3589 EXPLOITDB perl WORKING POC
moziloCMS 1.10.1 - Path Traversal via Download.php Cat Parameter
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
CVE-2008-5132 EXPLOITDB python WORKING POC
MemHT Portal 4.0.1 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
EIP-2026-109408 EXPLOITDB perl WORKING POC
MemHT Portal 4.0 - Remote Code Execution
CVE-2008-4457 EXPLOITDB perl WORKING POC
MemHT Portal < 3.9.0 - SQL Injection via stats_res Cookie
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
EIP-2026-108070 EXPLOITDB perl WORKING POC
JBLOG 1.5.1 - SQL Table Backup
CVE-2008-3165 EXPLOITDB perl WORKING POC
fuzzylime_cms < 3.01 - Path Traversal via RSS p Parameter
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.
EIP-2026-104491 EXPLOITDB text WORKING POC
Wing FTP Server 3.2.4 - Cross-Site Request Forgery