Don

13 exploits Active since Aug 2007
CVE-2008-7042 EXPLOITDB text WRITEUP
FreshScripts Fresh Email Script 1.0-1.11 - Remote Code Execution via tmp_sid Parameter
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
EIP-2026-112840 EXPLOITDB text WORKING POC
u-Auctions - Multiple Vulnerabilities
EIP-2026-111996 EXPLOITDB text WRITEUP
SePortal 2.5 - SQL Injection (1)
CVE-2007-4653 EXPLOITDB perl WORKING POC
phpBB Links MOD < 1.2.2 - SQL Injection via Start Parameter
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
EIP-2026-110664 EXPLOITDB text WRITEUP
PHP City Portal Script Software - SQL Injection
CVE-2007-6668 EXPLOITDB text WRITEUP
MySpace Content Zone <3.x - Unrestricted File Upload
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
CVE-2008-0832 EXPLOITDB text WORKING POC
Kemas Antonius com_quran < 1.1 - SQL Injection via surano Parameter
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
CVE-2008-1297 EXPLOITDB text WORKING POC
eWriting 1.2.1 - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
EIP-2026-108501 EXPLOITDB text WRITEUP
Joomla! Component com_qcontacts 1.0.6 - SQL Injection
CVE-2008-7043 EXPLOITDB text WRITEUP
FreshScripts Fresh Email Script 1.0-1.11 - Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
CVE-2008-3708 EXPLOITDB text WORKING POC
dotcms 1.6.0.9 - Path Traversal via ID Parameter
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
EIP-2026-105130 EXPLOITDB text WRITEUP
Alstrasoft EPay Enterprise 4.0 - Blind SQL Injection
CVE-2007-4647 EXPLOITDB text WRITEUP
2coolcode Our Space 2.0.9 - Arbitrary File Upload via uploadmedia.cgi
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.