Giovanni Buzzin, "Osirys"

4 exploits Active since Apr 2009
CVE-2011-10009 EXPLOITDB HIGH text WRITEUP
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
CVE-2009-1314 EXPLOITDB text WORKING POC
Web File Explorer 3.1 - Remote Code Execution via File Parameter in savefile Action
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
CVE-2009-1323 EXPLOITDB text WORKING POC
Web File Explorer 3.1 - SQL Injection via id Parameter
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107005 EXPLOITDB text WORKING POC
EZ-Shop 1.02 - Lateral SQL Injection