HACKERS PAL - Security Researcher - Exploit Intelligence Platform

CVE-2006-4987 EXPLOITDB WORKING POC

Patrick Michaelis Wili-CMS - Remote File Inclusion via globals[content_dir] Parameter

Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.

View Code

CVE-2006-4988 EXPLOITDB WORKING POC

Patrick Michaelis Wili-CMS - Cross-Site Scripting via Query String and globals[pageid] Parameter

Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.

View Code

CVE-2007-5304 EXPLOITDB WORKING POC

ELSEIF CMS Beta 0.6 - Stored Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.

View Code

CVE-2007-5305 EXPLOITDB WORKING POC

ELSEIF CMS Beta 0.6 - Remote Code Execution via PHP File Inclusion

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

View Code

CVE-2007-5306 EXPLOITDB WORKING POC

ELSEIF CMS Beta 0.6 - Path Traversal

ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.

View Code

CVE-2007-5311 EXPLOITDB text WORKING POC

TorrentTrader Classic Edition 1.07 - Remote File Inclusion via ss_uri Parameter

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter.

View Code

CVE-2007-5293 EXPLOITDB text WORKING POC

IDMOS 1.0-beta - Cross-Site Scripting via err_msg or content Parameter

Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.

View Code

CVE-2005-3544 EXPLOITDB text WRITEUP

XMB 1.9.3 - Cross-Site Scripting via u2u.php Username Parameter

Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

View Code

CVE-2006-4751 EXPLOITDB text WORKING POC

Laurentiu Matei XHP CMS 0.5.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.

View Code

CVE-2005-3682 EXPLOITDB text WORKING POC

Wizz Forum 1.20 - SQL Injection via AuthID TopicID Parameters

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

View Code

CVE-2006-4989 EXPLOITDB text WRITEUP

Patrick Michaelis Wili-CMS - Information Disclosure via Direct Request

Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.

View Code

CVE-2005-3682 EXPLOITDB perl WORKING POC

Wizz Forum 1.20 - SQL Injection via AuthID TopicID Parameters

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

View Code

CVE-2005-3682 EXPLOITDB text WORKING POC

Wizz Forum 1.20 - SQL Injection via AuthID TopicID Parameters

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

View Code

CVE-2006-5104 EXPLOITDB text WORKING POC

Jelsoft vBulletin 2.x - SQL Injection

SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.

View Code

CVE-2007-5312 EXPLOITDB text WORKING POC

TorrentTrader Classic 1.07 - Cross-Site Scripting via Color Parameter or Category Parameter

Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.

View Code

CVE-2006-5137 EXPLOITDB php WORKING POC

Groupee UBB.threads 6.5.1.1 - Code Injection

Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

View Code

CVE-2006-4881 EXPLOITDB text WORKING POC

David Bennett PHP-Post <= 1.0 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.

View Code

CVE-2006-4877 EXPLOITDB php WORKING POC

David Bennett PHP-Post <1.0 - Variable Overwrite

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

View Code

CVE-2008-1128 EXPLOITDB text WRITEUP

phpmytourney 2 - Remote Code Execution via tourney/index.php page Parameter

PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

View Code

EIP-2026-109750 EXPLOITDB perl WORKING POC

MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections

View Code

CVE-2007-1142 EXPLOITDB text WRITEUP

Magic News Plus 1.0.2 - Cross-Site Scripting via link_parameters Parameter

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

View Code

CVE-2007-1142 EXPLOITDB text WORKING POC

Magic News Plus 1.0.2 - Cross-Site Scripting via link_parameters Parameter

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

View Code

CVE-2007-1141 EXPLOITDB php WORKING POC

Magic News Plus 1.0.2 - Remote Code Execution via php_script_path Parameter

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

View Code

CVE-2006-4874 EXPLOITDB text WRITEUP

Jupiter CMS - Stored Cross-Site Scripting via Multiple Language Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.

View Code

CVE-2006-4874 EXPLOITDB text WORKING POC

Jupiter CMS - Stored Cross-Site Scripting via Multiple Language Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.

View Code