Cold z3ro

37 exploits Active since Jan 2006
CVE-2008-0251 EXPLOITDB WRITEUP
Photopost Vbgallery < 2.4.1 - Code Injection
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
CVE-2024-58294 EXPLOITDB HIGH php WORKING POC
Sangoma Freepbx - OS Command Injection
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
CVSS 8.8
CVE-2006-6161 EXPLOITDB text WORKING POC
Doug Luxem Liberum Help Desk < 0.97.3 - SQL Injection
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-113025 EXPLOITDB text WORKING POC
vBulletin vbBux/vbPlaza 2.x - 'vbplaza.php' Blind SQL Injection
EIP-2026-113017 EXPLOITDB php WORKING POC
vBulletin ajaxReg Module - SQL Injection
CVE-2006-3142 EXPLOITDB text WORKING POC
VBZooM 1.11 - SQL Injection
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2007-2941 EXPLOITDB text WORKING POC
vBGSiteMap 2.41 - RCE
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
CVE-2007-2317 EXPLOITDB text WORKING POC
MiniBB Forum <1.5a - RCE
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
CVE-2007-4953 EXPLOITDB text WORKING POC
Simpcms - SQL Injection
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2007-5313 EXPLOITDB text WORKING POC
Script-solution.de Picturesolution < 2.1 - Code Injection
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4606 EXPLOITDB text WORKING POC
Longino Jacome Php-revista - SQL Injection
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
CVE-2006-3317 EXPLOITDB perl WORKING POC
phpRaid 3.0.6 - RCE
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
CVE-2006-0308 EXPLOITDB text WORKING POC
Htmltonuke - Code Injection
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.
CVE-2007-1626 EXPLOITDB text WRITEUP
PHP-NUKE <iframe.php - RCE
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2008-7088 EXPLOITDB text WRITEUP
Photopost Vbgallery - Improper Input Validation
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
CVE-2008-6335 EXPLOITDB text WORKING POC
Emetrix Online Keyword Research Tool - Path Traversal
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-0230 EXPLOITDB text WORKING POC
Osdate - Code Injection
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
CVE-2007-4952 EXPLOITDB bash WORKING POC
Omnistar Interactive Omnistar Article Manager - SQL Injection
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2007-0568 EXPLOITDB text WORKING POC
MyPHPCommander 2.0 - Code Injection
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
CVE-2007-1596 EXPLOITDB text WORKING POC
NFN Address Book 0.4 - RCE
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2007-2044 EXPLOITDB text WORKING POC
Antonis Ventouris Weather <mod_weather.php - RCE
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
CVE-2007-2049 EXPLOITDB text WORKING POC
Mambo Calendar Module <1.5.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
CVE-2007-2144 EXPLOITDB text WORKING POC
Joomlapack - Code Injection
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6057 EXPLOITDB text WORKING POC
Liberum Help Desk 0.97.3 - Info Disclosure
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2007-4817 EXPLOITDB text WRITEUP
Detodas Restaurante Component For Joomla - Code Injection
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.