HauntIT Blog

5 exploits, active since Mar 2014
CVE-2014-2088 EXPLOITDB WORKING POC
ILIAS 4.4.1 - Authenticated Arbitrary File Upload and Remote Code Execution via .php File Upload
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.
CVE-2014-2089 EXPLOITDB WORKING POC
ILIAS 4.4.1 - Remote Code Execution
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
EIP-2026-113273 EXPLOITDB text WORKING POC
webERP 4.11.3 - 'SalesInquiry.php?SortBy' SQL Injection
EIP-2026-110799 EXPLOITDB text WORKING POC
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
CVE-2014-2090 EXPLOITDB text WORKING POC
ILIAS 4.4.1 - Authenticated Cross-Site Scripting via tar, tar_val, or title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.