GulfTech Security

165 exploits Active since Mar 2004
CVE-2008-3758 EXPLOITDB text WORKING POC
Lussumo Vanilla <1.1.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
CVE-2004-1420 EXPLOITDB text WRITEUP
WHM Autopilot - XSS
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
EIP-2026-113012 EXPLOITDB text WRITEUP
vBulletin < 3.0.0 RC4 - Cross Site Scripting
CVE-2008-3369 EXPLOITDB text WRITEUP
ViArt Shop <3.5 - SQL Injection
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-5920 EXPLOITDB text WRITEUP
WebSVN 1.x - RCE
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-6970 EXPLOITDB text WORKING POC
Ubbcentral Ubb.threads < 7.3.1 - SQL Injection
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.
CVE-2004-1923 EXPLOITDB text WRITEUP
Tikiwiki Cms/groupware < 1.8.1 - Information Disclosure
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WORKING POC
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2058 EXPLOITDB text WRITEUP
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2008-3768 EXPLOITDB text WRITEUP
Turnkey Web Tools SunShop <4.1.5 - SQL Injection
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
EIP-2026-112533 EXPLOITDB text WRITEUP
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
CVE-2004-1225 EXPLOITDB text WRITEUP
Sugarcrm - SQL Injection
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
CVE-2004-1227 EXPLOITDB text WORKING POC
Sugarcrm Sugar Sales < 2.0.1c - Path Traversal
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
CVE-2005-4891 EXPLOITDB CRITICAL perl WORKING POC
Simple Machine Forum <1.0.4 - SQL Injection
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
CVSS 9.8
EIP-2026-112194 EXPLOITDB text WORKING POC
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
CVE-2006-4019 EXPLOITDB text WRITEUP
SquirrelMail <1.4.7 - Code Injection
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2005-2095 EXPLOITDB text WRITEUP
Squirrelmail - XSS
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
CVE-2005-0270 EXPLOITDB text WRITEUP
Photopost Reviewpost Php Pro < 2.84 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
EIP-2026-111826 EXPLOITDB text WORKING POC
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
EIP-2026-111436 EXPLOITDB text WRITEUP
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities