AtT4CKxT3rR0r1ST

99 exploits Active since Jul 2007
CVE-2014-5111 EXPLOITDB text WRITEUP
Netfortris Trixbox - Path Traversal
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CVE-2014-5109 EXPLOITDB text WORKING POC
Netfortris Trixbox - SQL Injection
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
CVE-2014-5112 EXPLOITDB text WORKING POC
Netfortris Trixbox - Code Injection
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
CVE-2011-0519 EXPLOITDB text WORKING POC
Gallarific Php Photo Gallery Script - SQL Injection
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0764 EXPLOITDB text WORKING POC
KuwaitPHP eSmile - SQL Injection
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
EIP-2026-107011 EXPLOITDB text WORKING POC
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
EIP-2026-106940 EXPLOITDB text WORKING POC
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
EIP-2026-106574 EXPLOITDB text WRITEUP
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
EIP-2026-106573 EXPLOITDB text WRITEUP
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
EIP-2026-106430 EXPLOITDB text WORKING POC
Dew-NewPHPLinks 2.1b - 'index.php' SQL Injection
EIP-2026-106483 EXPLOITDB text WORKING POC
DO-CMS - Multiple SQL Injections
EIP-2026-106576 EXPLOITDB text WORKING POC
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
EIP-2026-106575 EXPLOITDB html WORKING POC
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
EIP-2026-106268 EXPLOITDB text WRITEUP
CubeCart - 'index.php' SQL Injection
CVE-2014-1636 EXPLOITDB text WRITEUP
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
CVE-2014-1636 EXPLOITDB text WORKING POC
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.