Cold Zero

42 exploits Active since Jan 2006
CVE-2007-2143 EXPLOITDB perl WORKING POC
Joomla Be2004-2 Template - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-4817 EXPLOITDB text WRITEUP
Restaurante Component for Joomla! - Unauthenticated Arbitrary PHP File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.
CVE-2007-2319 EXPLOITDB text WORKING POC
AutoStand < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.
CVE-2007-2089 EXPLOITDB text WORKING POC
Jx Development Article Component < 1.1 - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.
CVE-2006-5043 EXPLOITDB text WORKING POC
Joomlaboard Forum Component <1.1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2007-3932 EXPLOITDB text WRITEUP
Expose RC35 - Remote Code Execution
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2007-2005 EXPLOITDB text WORKING POC
Taskhopper Component for Joomla! and Mambo - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
CVE-2007-1699 EXPLOITDB text WORKING POC
SWmenu Component for Joomla and Mambo - Remote File Inclusion via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
CVE-2006-6154 EXPLOITDB text WORKING POC
HIOX Star Rating System Script <1.0 - RCE
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2007-3583 EXPLOITDB text WORKING POC
girlserv_ads < 1.5 - SQL Injection via idnew Parameter
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
CVE-2008-6334 EXPLOITDB text WORKING POC
emetrix Extract Website - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-5841 EXPLOITDB text WORKING POC
DodosMail < 2.1 - Remote File Inclusion via dodosmail_header_file or dodosmail_footer_file Parameters
Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.
CVE-2007-1600 EXPLOITDB text WORKING POC
Digital Eye Gallery <1.1 Beta - RCE
PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
EIP-2026-106080 EXPLOITDB text WORKING POC
CommentIT - 'PathToComment' Remote File Inclusion
EIP-2026-106076 EXPLOITDB text WORKING POC
Comment IT 0.2 - 'PathToComment' Remote File Inclusion
CVE-2003-1571 EXPLOITDB text WRITEUP
Web Wiz Guestbook 6.0 and 8.21 - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
CVE-2008-5780 EXPLOITDB text WRITEUP
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.