Cold z3ro

37 exploits Active since Jan 2006
CVE-2008-0251 EXPLOITDB WRITEUP
PhotoPost vBGallery < 2.4.1 - Unauthenticated Arbitrary File Upload
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
CVE-2024-58294 EXPLOITDB HIGH php WORKING POC
FreePBX 16 - Authenticated Remote Code Execution via API Module Generatedocs Endpoint
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
CVSS 8.8
CVE-2006-6161 EXPLOITDB text WORKING POC
Liberum Help Desk <= 0.97.3 - SQL Injection via id or uid Parameter
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-113025 EXPLOITDB text WORKING POC
vBulletin vbBux/vbPlaza 2.x - 'vbplaza.php' Blind SQL Injection
EIP-2026-113017 EXPLOITDB php WORKING POC
vBulletin ajaxReg Module - SQL Injection
CVE-2006-3142 EXPLOITDB text WORKING POC
vbzoom 1.11 - SQL Injection via MainID Parameter
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2007-2941 EXPLOITDB text WORKING POC
vBGSiteMap 2.41 - Remote File Inclusion via Base Parameter
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
CVE-2007-2317 EXPLOITDB text WORKING POC
MiniBB < 1.5a - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
CVE-2007-4953 EXPLOITDB text WORKING POC
SimpCMS - SQL Injection via Search Keyword Parameter
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2007-5313 EXPLOITDB text WORKING POC
Picturesolution < 2.1 - Remote Code Execution via Path Parameter in install/config.php
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4606 EXPLOITDB text WORKING POC
Longino Jacome php-Revista 1.1.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
CVE-2006-3317 EXPLOITDB perl WORKING POC
phpRaid 3.0.6 - Remote File Inclusion via phpraid_dir Parameter
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
CVE-2006-0308 EXPLOITDB text WORKING POC
htmltonuke 2.0 alpha - Remote Code Execution via filnavn Parameter
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.
CVE-2007-1626 EXPLOITDB text WRITEUP
PHP-NUKE iFrame Module - Remote File Inclusion via iframe.php file Parameter
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2008-7088 EXPLOITDB text WRITEUP
PhotoPost vBGallery 2.4.2 - Authenticated Arbitrary File Upload via Executable Extension Bypass
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
CVE-2008-6335 EXPLOITDB text WORKING POC
eMetrix Online Keyword Research Tool - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-0230 EXPLOITDB text WORKING POC
osDate 2.0.8 - Remote Code Execution via php121dir Parameter
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
CVE-2007-4952 EXPLOITDB bash WORKING POC
OmniStar Article Manager - SQL Injection via Page ID Parameter
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2007-0568 EXPLOITDB text WORKING POC
MyPHPCommander 2.0 - Code Injection
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
CVE-2007-1596 EXPLOITDB text WORKING POC
NFN Address Book - Remote File Inclusion via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2007-2044 EXPLOITDB text WORKING POC
Antonis Ventouris Weather <mod_weather.php - RCE
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
CVE-2007-2049 EXPLOITDB text WORKING POC
Mambo Calendar Module 1.5.5 - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
CVE-2007-2144 EXPLOITDB text WORKING POC
JoomlaPack 1.0.4a2 RE - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6057 EXPLOITDB text WORKING POC
Liberum Help Desk 0.97.3 - Info Disclosure
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2007-4817 EXPLOITDB text WRITEUP
Restaurante Component for Joomla! - Unauthenticated Arbitrary PHP File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.