Cold Zero

42 exploits Active since Jan 2006
CVE-2007-2143 EXPLOITDB perl WORKING POC
Joomla! Be2004-2 - RCE
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-4817 EXPLOITDB text WRITEUP
Detodas Restaurante Component For Joomla - Code Injection
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.
CVE-2007-2319 EXPLOITDB text WORKING POC
Autostand Category < 1.1 - Code Injection
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.
CVE-2007-2089 EXPLOITDB text WORKING POC
Jx Development Article <1.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.
CVE-2006-5043 EXPLOITDB text WORKING POC
Joomlaboard Forum Component <1.1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2007-3932 EXPLOITDB text WRITEUP
Expose RC35 - RCE
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2007-2005 EXPLOITDB text WORKING POC
Joomla Taskhopper Component - Code Injection
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
CVE-2007-1699 EXPLOITDB text WORKING POC
SWmenu 4.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
CVE-2006-6154 EXPLOITDB text WORKING POC
HIOX Star Rating System Script <1.0 - RCE
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2007-3583 EXPLOITDB text WORKING POC
Girlserv Ads < 1.5 - SQL Injection
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
CVE-2008-6334 EXPLOITDB text WORKING POC
Emetrix Extract Website - Path Traversal
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-5841 EXPLOITDB text WORKING POC
DodosMail <2.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.
CVE-2007-1600 EXPLOITDB text WORKING POC
Digital Eye Gallery <1.1 Beta - RCE
PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
EIP-2026-106080 EXPLOITDB text WORKING POC
CommentIT - 'PathToComment' Remote File Inclusion
EIP-2026-106076 EXPLOITDB text WORKING POC
Comment IT 0.2 - 'PathToComment' Remote File Inclusion
CVE-2003-1571 EXPLOITDB text WRITEUP
Webwizguide Web Wiz Guestbook - Access Control
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
CVE-2008-5780 EXPLOITDB text WRITEUP
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.