Eugene Minaev

18 exploits Active since Mar 2006
CVE-2008-7156 EXPLOITDB text WORKING POC
ekinboard < 1.1.0 - Unauthenticated Privilege Escalation via _groups Parameter
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
CVE-2008-0140 EXPLOITDB text WORKING POC
Uebimiau Webmail 2.7.10 and 2.7.2 - Authenticated Path Traversal via Selected Theme Parameter
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
CVE-2008-0138 EXPLOITDB text WORKING POC
XOOPS mod_gallery - Remote File Inclusion via GALLERY_BASEDIR Parameter
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
CVE-2008-0210 EXPLOITDB text WORKING POC
Uebimiau Webmail 2.7.10 and 2.7.2 - Unauthenticated Authentication Bypass via sess[auth] Parameter
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
EIP-2026-112446 EXPLOITDB text WORKING POC
Strawberry 1.1.1 - 'html.php' Remote Code Execution
CVE-2008-0147 EXPLOITDB perl WORKING POC
SmallNuke 2.0.4 - SQL Injection via User Email Parameter
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
CVE-2008-0224 EXPLOITDB perl WORKING POC
RunCMS 1.6.1 - SQL Injection via Client-Ip Parameter
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
CVE-2008-0139 EXPLOITDB text WORKING POC
loudblog < 0.8.0 - Remote Code Execution via Template Parameter
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
EIP-2026-107913 EXPLOITDB text WORKING POC
Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection
CVE-2006-1260 EXPLOITDB text WORKING POC
Horde Application Framework 3.0.9 - Info Disclosure
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVE-2008-0255 EXPLOITDB perl WORKING POC
iGaming CMS <= 1.3.1 - SQL Injection via Section Parameter
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2008-0159 EXPLOITDB perl WORKING POC
eggblog < 3.1.0 - SQL Injection via eggblogpassword Cookie Parameter
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
CVE-2008-0157 EXPLOITDB perl WORKING POC
FlexBB < 0.6.3 - SQL Injection via flexbb_temp_id Cookie Parameter
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
CVE-2008-7157 EXPLOITDB text WORKING POC
ekinboard < 1.1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Avatar File Extension Bypass
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
CVE-2008-4557 EXPLOITDB text WORKING POC
CuteNews 1.1.1 - Remote Code Execution via Text Parameter in Highlight Plugin
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
CVE-2008-7210 EXPLOITDB text WORKING POC
AJchat 0.10 - SQL Injection via Numeric Parameter Hash Bypass
directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat.
CVE-2008-0387 EXPLOITDB php WORKING POC
Firebird < 1.0.3, 1.5.x < 1.5.6, 2.0.x < 2.0.4, 2.1.x < 2.1.0 RC1 - Remote Code Execution via Crafted XDR Requests
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
CVE-2008-7203 EXPLOITDB php WORKING POC
Valve Software Half-Life Counter-Strike 1.6 - DoS
Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets.