CoBRa_21

68 exploits Active since Nov 2004
CVE-2009-4626 EXPLOITDB text WRITEUP
phpNagios 1.2.0 - Remote File Inclusion via menu.php conf[lang] Parameter
Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.
CVE-2008-6318 EXPLOITDB text WORKING POC
PHPmyGallery 1.5 beta - Remote Code Execution via admindir Parameter
PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.
CVE-2010-2720 EXPLOITDB text STUB
phpaaCms 0.3.1 UTF-8 - SQL Injection via list.php id Parameter
SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2005-0929 EXPLOITDB text WRITEUP
PhotoPost PHP Pro <5.x - SQL Injection
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
EIP-2026-109628 EXPLOITDB text WORKING POC
Multi Vendor Mall - 'itemdetail.php?& shop.php' SQL Injection
EIP-2026-109297 EXPLOITDB text WORKING POC
Mambo Component N-Myndir - SQL Injection
EIP-2026-109280 EXPLOITDB text WORKING POC
Mambo Component Ahsshop - SQL Injection
EIP-2026-109294 EXPLOITDB text WORKING POC
Mambo Component N-Frettir - SQL Injection
EIP-2026-109296 EXPLOITDB text WORKING POC
Mambo Component N-Gallery - SQL Injection
EIP-2026-109298 EXPLOITDB text WORKING POC
Mambo Component N-Press - SQL Injection
EIP-2026-109299 EXPLOITDB text WORKING POC
Mambo Component N-Skyrslur - Cross-Site Scripting
EIP-2026-109328 EXPLOITDB text WORKING POC
Marinet CMS - SQL Injection / Cross-Site Scripting / HTML Injection
CVE-2009-3056 EXPLOITDB text WORKING POC
KingCMS 0.6.0 - Remote Code Execution via CONFIG[AdminPath] Parameter
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.
EIP-2026-108597 EXPLOITDB text WRITEUP
Joomla! Component com_xball - 'team_id' SQL Injection
EIP-2026-108588 EXPLOITDB text WRITEUP
Joomla! Component com_voj - SQL Injection
EIP-2026-108572 EXPLOITDB text WRITEUP
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
EIP-2026-108571 EXPLOITDB text WORKING POC
Joomla! Component com_tree - 'key' SQL Injection
EIP-2026-108562 EXPLOITDB text WRITEUP
Joomla! Component com_team - SQL Injection
EIP-2026-108557 EXPLOITDB text WORKING POC
Joomla! Component com_szallasok - 'id' SQL Injection
EIP-2026-108538 EXPLOITDB text WORKING POC
Joomla! Component com_shop - 'id' SQL Injection
EIP-2026-108438 EXPLOITDB text WORKING POC
Joomla! Component com_markt - SQL Injection
EIP-2026-108375 EXPLOITDB text WORKING POC
Joomla! Component com_img - Local File Inclusion
EIP-2026-108335 EXPLOITDB text WRITEUP
Joomla! Component com_dshop - SQL Injection
EIP-2026-108306 EXPLOITDB text WORKING POC
Joomla! Component com_clanlist - SQL Injection
EIP-2026-108297 EXPLOITDB text WRITEUP
Joomla! Component com_caproductprices - 'id' SQL Injection