Chip d3 bi0s

51 exploits Active since Jun 2009
CVE-2010-2045 EXPLOITDB text WORKING POC
Dionesoft Com Dioneformwizard - Path Traversal
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-2920 EXPLOITDB text WORKING POC
Joomla! com_foobla_suggestions 1.5.1.2 - Path Traversal
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-1529 EXPLOITDB text WRITEUP
Freestyle FAQs Lite - SQL Injection via faqid Parameter
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
EIP-2026-108659 EXPLOITDB text WORKING POC
Joomla! Component Gift Exchange com_giftexchange 1.0 Beta - 'pkg' SQL Injection
CVE-2010-3211 EXPLOITDB text WRITEUP
JE FAQ Pro 1.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
CVE-2010-1305 EXPLOITDB text WORKING POC
Joomla! com_jinventory <1.26.03 - Path Traversal
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108723 EXPLOITDB perl WORKING POC
Joomla! Component JForJoomla! Jreservation 1.5 - 'pid' SQL Injection
CVE-2010-1217 EXPLOITDB text WORKING POC
JE Form Creator - Unauthenticated Directory Traversal via View Parameter
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
EIP-2026-108190 EXPLOITDB text WRITEUP
Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion
CVE-2009-1848 EXPLOITDB text WORKING POC
JoomlaMe AgoraGroups 0.3.5.3 - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.
CVE-2009-2609 EXPLOITDB text WORKING POC
amoCourse (com_amocourse) - SQL Injection via catid Parameter
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
EIP-2026-108294 EXPLOITDB text WORKING POC
Joomla! Component com_calcbuilder - 'id' Blind SQL Injection
CVE-2009-3661 EXPLOITDB text WORKING POC
Blueconstantmedia Com Djcatalog - SQL Injection
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2009-3669 EXPLOITDB text WORKING POC
com_foobla_suggestions 1.5.11 - SQL Injection via idea_id Parameter
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
CVE-2009-2782 EXPLOITDB text WORKING POC
JFusion com_jfusion - SQL Injection via Itemid Parameter
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
EIP-2026-108399 EXPLOITDB perl WORKING POC
Joomla! Component com_jlord_rss - 'id' Blind SQL Injection
CVE-2010-1340 EXPLOITDB text WORKING POC
J!Research (com_jresearch) - Path Traversal via Controller Parameter
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-3316 EXPLOITDB perl WORKING POC
JReservation 1.0 and 1.5 - SQL Injection via pid Parameter
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2009-3971 EXPLOITDB text WRITEUP
jtips com_jtips - SQL Injection via Season Parameter
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVE-2009-2395 EXPLOITDB text WORKING POC
com_k2 < 1.0.1 - SQL Injection via Category Parameter
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
CVE-2009-4199 EXPLOITDB text WORKING POC
Mambo Resident 1.0f - SQL Injection
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
CVE-2009-3964 EXPLOITDB text WORKING POC
com_ninjamonials 1.1.0 - SQL Injection via testimID Parameter
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2009-2400 EXPLOITDB text WORKING POC
com_php - SQL Injection via id Parameter
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108483 EXPLOITDB text WRITEUP
Joomla! Component com_PHP 0.1 - Local File Inclusion
CVE-2009-3334 EXPLOITDB text WRITEUP
Lhacky! Extensions Cave Joomla! Integrated Newsletters Component 0.2 - SQL Injection via newsid Parameter
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.