Don Tukulesto

22 exploits Active since Sep 2009
CVE-2010-1949 EXPLOITDB text WRITEUP
com_jnewspaper 1.0 - SQL Injection via cid Parameter
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
EIP-2026-112481 EXPLOITDB text WRITEUP
Sunbyte e-Flower - SQL Injection
EIP-2026-111331 EXPLOITDB text WORKING POC
Pligg CMS 1.0.4 - 'story.php' SQL Injection
EIP-2026-110394 EXPLOITDB text WORKING POC
OSI Codes PHP Live! Support 3.1 - Remote File Inclusion
CVE-2009-4604 EXPLOITDB text WORKING POC
Fernando Soares Mamboleto <2.0 RC3 - RCE
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-3835 EXPLOITDB text WORKING POC
JShop - SQL Injection via pid Parameter
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
CVE-2010-1873 EXPLOITDB text WRITEUP
com_jvehicles 1.0, 2.0, and 2.1111 - SQL Injection via aid Parameter
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4217 EXPLOITDB text WORKING POC
Joomla! MusicGallery - SQL Injection
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1950 EXPLOITDB text WRITEUP
com_jnewspaper 1.0 - SQL Injection via date_info Parameter
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4785 EXPLOITDB text WORKING POC
Joomla! com_quicknews - SQL Injection
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
EIP-2026-108843 EXPLOITDB perl WORKING POC
Joomla! Component Recerca - SQL Injection
EIP-2026-108915 EXPLOITDB python WORKING POC
Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion
EIP-2026-108932 EXPLOITDB text WORKING POC
jSchool Advanced - Blind SQL Injection
CVE-2009-4784 EXPLOITDB text WORKING POC
Joaktree com_joaktree 1.0 - SQL Injection via treeId Parameter
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
CVE-2009-3434 EXPLOITDB text WORKING POC
com_tupinambis 1.0 - SQL Injection via Proyecto Parameter
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
EIP-2026-108518 EXPLOITDB text WORKING POC
Joomla! Component com_rsappt_pro2 - Local File Inclusion
EIP-2026-106083 EXPLOITDB text WORKING POC
CommodityRentals CD Rental Software - 'index.php' SQL Injection
EIP-2026-105489 EXPLOITDB text WORKING POC
Bitrix Site Manager 4.0.5 - Remote File Inclusion
CVE-2010-0762 EXPLOITDB text WORKING POC
CommodityRentals CD Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
CVE-2010-0761 EXPLOITDB text WORKING POC
CommodityRentals Books/eBooks Rentals Script - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
CVE-2010-4774 EXPLOITDB text WORKING POC
AuraCMS 1.62 - SQL Injection via pdf.php id Parameter
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
CVE-2009-3333 EXPLOITDB text WORKING POC
alibasta com_koesubmit - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.