Cold z3ro

37 exploits Active since Jan 2006
CVE-2007-2319 EXPLOITDB text WORKING POC
AutoStand < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.
CVE-2007-1699 EXPLOITDB text WORKING POC
SWmenu Component for Joomla and Mambo - Remote File Inclusion via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
CVE-2006-5043 EXPLOITDB text WORKING POC
Joomlaboard Forum Component <1.1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2007-3932 EXPLOITDB text WRITEUP
Expose RC35 - Remote Code Execution
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2007-2005 EXPLOITDB text WORKING POC
Taskhopper Component for Joomla! and Mambo - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
CVE-2007-2089 EXPLOITDB text WORKING POC
Jx Development Article Component < 1.1 - Remote File Inclusion via absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.
CVE-2007-3583 EXPLOITDB text WORKING POC
girlserv_ads < 1.5 - SQL Injection via idnew Parameter
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
CVE-2008-6334 EXPLOITDB text WORKING POC
emetrix Extract Website - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2007-1600 EXPLOITDB text WORKING POC
Digital Eye Gallery <1.1 Beta - RCE
PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
EIP-2026-101856 EXPLOITDB text WORKING POC
NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
CVE-2003-1571 EXPLOITDB text WRITEUP
Web Wiz Guestbook 6.0 and 8.21 - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
CVE-2008-5780 EXPLOITDB text WRITEUP
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.