Cod3rZ

13 exploits, active since May 2008
CVE-2008-3164 EXPLOITDB perl WORKING POC
fuzzylime CMS <3.01 - Path Traversal
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-5105 EXPLOITDB text WRITEUP
Karjasoft Sami FTP Server - Improper Input Validation
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
CVE-2008-6652 EXPLOITDB perl WORKING POC
Insanevisions Onecms - SQL Injection
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
EIP-2026-109744 EXPLOITDB text WORKING POC
MyBlog 1.x - SQL Injection / Remote File Inclusion
CVE-2008-7155 EXPLOITDB perl WORKING POC
NetRisk 1.9.7 - Info Disclosure
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
EIP-2026-109223 EXPLOITDB text WORKING POC
Lulieblog 1.2 - Multiple Vulnerabilities
CVE-2008-6650 EXPLOITDB text WORKING POC
Mywebland Minibloggie - Access Control
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
EIP-2026-109029 EXPLOITDB perl WORKING POC
KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities
CVE-2008-2192 EXPLOITDB text WORKING POC
Itcms - Code Injection
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
CVE-2008-2130 EXPLOITDB perl WORKING POC
Igaming Cms - SQL Injection
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3164 EXPLOITDB perl WORKING POC
fuzzylime CMS <3.01 - Path Traversal
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-6834 EXPLOITDB perl WORKING POC
Fuzzylime (cms) - Path Traversal
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
CVE-2008-6745 EXPLOITDB perl WORKING POC
Blogphp - Improper Input Validation
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.