Cod3rZ

13 exploits Active since May 2008
CVE-2008-3164 EXPLOITDB perl WORKING POC
fuzzylime CMS <3.01 - Path Traversal
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-5105 EXPLOITDB text WRITEUP
KarjaSoft Sami FTP Server 2.0.x - Denial of Service via Malformed FTP Commands
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
CVE-2008-6652 EXPLOITDB perl WORKING POC
OneCMS 2.5 - SQL Injection via sitename Parameter
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
EIP-2026-109744 EXPLOITDB text WORKING POC
MyBlog 1.x - SQL Injection / Remote File Inclusion
CVE-2008-7155 EXPLOITDB perl WORKING POC
NetRisk 1.9.7 - Unauthenticated Arbitrary Password Change via Direct Request
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
EIP-2026-109223 EXPLOITDB text WORKING POC
Lulieblog 1.2 - Multiple Vulnerabilities
CVE-2008-6650 EXPLOITDB text WORKING POC
miniBloggie 1.0 - Unauthenticated Arbitrary Post Deletion via post_id Parameter
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
EIP-2026-109029 EXPLOITDB perl WORKING POC
KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities
CVE-2008-2192 EXPLOITDB text WORKING POC
Itcms - Code Injection
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
CVE-2008-2130 EXPLOITDB perl WORKING POC
iGaming CMS 1.5 - SQL Injection via poll_vote.php id Parameter
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3164 EXPLOITDB perl WORKING POC
fuzzylime CMS <3.01 - Path Traversal
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-6834 EXPLOITDB perl WORKING POC
fuzzylime (cms) 3.01 and 3.01a - Path Traversal via commupdate.php s Parameter or newsheads.php heads Parameter
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
CVE-2008-6745 EXPLOITDB perl WORKING POC
BlogPHP 2.0 - Privilege Escalation via Email Parameter in Register Action
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.