AntiSecurity

80 exploits Active since Apr 2010
CVE-2010-5040 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
com_awdwall < 1.5.4 - SQL Injection via cbuser Parameter
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
CVE-2010-1479 EXPLOITDB text WORKING POC
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
EIP-2026-113245 EXPLOITDB text WORKING POC
WebBiblio Subject Gateway System - Local File Inclusion
CVE-2010-2143 EXPLOITDB text WORKING POC
Symphony CMS 2.0.7 - Path Traversal via Mode Parameter
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter.
CVE-2010-2313 EXPLOITDB text WORKING POC
Anodyne Productions SIMM Management System 2.6.10 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2314 EXPLOITDB text WORKING POC
NP_Twitter Plugin 0.8-0.9 - Remote Code Execution via DIR_PLUGINS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2010-1475 EXPLOITDB text WORKING POC
Joomla! com_preventive 1.0.5 - Path Traversal
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2035 EXPLOITDB text WRITEUP
Percha Gallery 1.6 Beta - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2033 EXPLOITDB text WRITEUP
Percha com_perchacategoriestree 0.6 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2034 EXPLOITDB text WRITEUP
Percha Image Attach 1.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1461 EXPLOITDB text WORKING POC
Joomla! com_photobattle 1.0.1 - Path Traversal
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
CVE-2010-1532 EXPLOITDB text WORKING POC
Joomla! com_powermail 1.5.3 - Path Traversal
Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1715 EXPLOITDB text WORKING POC
com_onlineexam 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1491 EXPLOITDB text WORKING POC
MMS Blog (com_mmsblog) 2.3.0 - Path Traversal
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion
CVE-2010-1722 EXPLOITDB text WORKING POC
com_market 2.x - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1719 EXPLOITDB text WORKING POC
com_mtfireeagle 1.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1312 EXPLOITDB text WORKING POC
iJoomla News Portal <1.5.x - Path Traversal
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1658 EXPLOITDB text WORKING POC
Code-Garage NoticeBoard 1.3 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2037 EXPLOITDB text WRITEUP
Percha Downloads Attach 1.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2036 EXPLOITDB text WRITEUP
Percha Fields Attach 1.x - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1495 EXPLOITDB text WORKING POC
Matamko com_matamko 1.01 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.