BeyazKurt

24 exploits Active since Mar 2007
CVE-2008-4427 EXPLOITDB WORKING POC
Phlatline Personal Information Manager < 1.0 - Authentication Bypass
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2008-4428 EXPLOITDB WORKING POC
Phlatline Personal Information Manager - Improper Input Validation
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
CVE-2008-6118 EXPLOITDB text WORKING POC
Goople CMS 1.7 - Auth Bypass
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
CVE-2008-4426 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager - XSS
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-4425 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
CVE-2007-3236 EXPLOITDB text WRITEUP
Horoscope 1.0 - RCE
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.
EIP-2026-113224 EXPLOITDB perl WORKING POC
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
CVE-2007-1932 EXPLOITDB text WORKING POC
Scar4u Scarnews - Path Traversal
Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.
CVE-2008-6781 EXPLOITDB text WRITEUP
Scripts-for-sites EZ Gaming Directory - SQL Injection
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6783 EXPLOITDB text WORKING POC
Scripts-for-sites EZ Home Business Directory - SQL Injection
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6782 EXPLOITDB text WRITEUP
Scripts-for-sites EZ Hosting Directory - SQL Injection
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6808 EXPLOITDB text WRITEUP
Scripts-for-sites EZ Link Directory - SQL Injection
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-4528 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
CVE-2008-7240 EXPLOITDB text WORKING POC
Linux Web Shop (LWS) php User Base 1.3beta - Path Traversal
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
CVE-2008-3385 EXPLOITDB text WORKING POC
php Help Agent 1.0-1.1 Full - Path Traversal
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-1042 EXPLOITDB text WORKING POC
Linux WEB Shop Php Download Manager < 1.1 - Path Traversal
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
CVE-2007-2303 EXPLOITDB perl WORKING POC
News Manager Deluxe - Path Traversal
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2008-6119 EXPLOITDB text WORKING POC
Goople CMS 1.7 - Code Injection
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2743 EXPLOITDB text WORKING POC
GlossWord 1.8.1 - RCE
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
EIP-2026-106728 EXPLOITDB text WORKING POC
Easynet4u Link Host - 'cat_id' SQL Injection
CVE-2008-5922 EXPLOITDB text WORKING POC
Cant Find A Gaming CMS < - RCE
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
CVE-2007-2560 EXPLOITDB perl WORKING POC
ACGVannu <1.3 - Path Traversal
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
CVE-2008-6493 EXPLOITDB text WRITEUP
Easy-news Easy Content Management Publishing - Access Control
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
CVE-2007-1445 EXPLOITDB text WORKING POC
Betaparticle Blog < 7.0.2 - SQL Injection
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.