Cold Zero

42 exploits Active since Jan 2006
CVE-2006-6161 EXPLOITDB text WORKING POC
Liberum Help Desk <= 0.97.3 - SQL Injection via id or uid Parameter
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3142 EXPLOITDB text WORKING POC
vbzoom 1.11 - SQL Injection via MainID Parameter
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2007-2941 EXPLOITDB text WORKING POC
vBGSiteMap 2.41 - Remote File Inclusion via Base Parameter
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
EIP-2026-113025 EXPLOITDB text WORKING POC
vBulletin vbBux/vbPlaza 2.x - 'vbplaza.php' Blind SQL Injection
EIP-2026-113017 EXPLOITDB php WORKING POC
vBulletin ajaxReg Module - SQL Injection
CVE-2007-2317 EXPLOITDB text WORKING POC
MiniBB < 1.5a - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
CVE-2007-4953 EXPLOITDB text WORKING POC
SimpCMS - SQL Injection via Search Keyword Parameter
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2006-3317 EXPLOITDB perl WORKING POC
phpRaid 3.0.6 - Remote File Inclusion via phpraid_dir Parameter
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
EIP-2026-111208 EXPLOITDB text WORKING POC
PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion
EIP-2026-111044 EXPLOITDB text WORKING POC
PHPFanBase 2.x - 'protection.php' Remote File Inclusion
CVE-2006-4606 EXPLOITDB text WORKING POC
Longino Jacome php-Revista 1.1.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
CVE-2006-4605 EXPLOITDB text WORKING POC
Longino Jacome php-Revista 1.1.2 - Code Injection
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
CVE-2006-0308 EXPLOITDB text WORKING POC
htmltonuke 2.0 alpha - Remote Code Execution via filnavn Parameter
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.
CVE-2007-1626 EXPLOITDB text WRITEUP
PHP-NUKE iFrame Module - Remote File Inclusion via iframe.php file Parameter
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2008-7088 EXPLOITDB text WRITEUP
PhotoPost vBGallery 2.4.2 - Authenticated Arbitrary File Upload via Executable Extension Bypass
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
CVE-2007-4952 EXPLOITDB bash WORKING POC
OmniStar Article Manager - SQL Injection via Page ID Parameter
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2008-0230 EXPLOITDB text WORKING POC
osDate 2.0.8 - Remote Code Execution via php121dir Parameter
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
CVE-2008-6335 EXPLOITDB text WORKING POC
eMetrix Online Keyword Research Tool - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2007-0568 EXPLOITDB text WORKING POC
MyPHPCommander 2.0 - Code Injection
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
CVE-2007-1702 EXPLOITDB perl WORKING POC
Mambo Flatmenu < 1.7 - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-1596 EXPLOITDB text WORKING POC
NFN Address Book - Remote File Inclusion via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2007-2049 EXPLOITDB text WORKING POC
Mambo Calendar Module 1.5.5 - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
CVE-2007-2044 EXPLOITDB text WORKING POC
Antonis Ventouris Weather <mod_weather.php - RCE
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
CVE-2007-2144 EXPLOITDB text WORKING POC
JoomlaPack 1.0.4a2 RE - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6057 EXPLOITDB text WORKING POC
Liberum Help Desk 0.97.3 - Info Disclosure
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.