Hessam-x

26 exploits Active since Jan 2006
CVE-2006-0206 EXPLOITDB perl WORKING POC
Light Weight Calendar (LWC) <1.0 - Code Injection
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
CVE-2007-1725 EXPLOITDB perl WORKING POC
IceBB 1.0-rc5 - Authenticated SQL Injection via Avatar Upload Filename
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
CVE-2006-6340 EXPLOITDB c WORKING POC
nVIDIA nView - Denial of Service via Long Command Line Argument
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability.
CVE-2006-4418 EXPLOITDB perl WORKING POC
Wikepage 2006.2a Opus 10 - Directory Traversal via lng Parameter
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
CVE-2006-4709 EXPLOITDB text WRITEUP
Vikingboard 0.1b - SQL Injection via Topic s Parameter
SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2006-4708 EXPLOITDB text WRITEUP
Vikingboard 0.1b - Cross-Site Scripting via act and p Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
CVE-2006-4708 EXPLOITDB text WRITEUP
Vikingboard 0.1b - Cross-Site Scripting via act and p Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
EIP-2026-112715 EXPLOITDB text WORKING POC
TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (1)
CVE-2006-7063 EXPLOITDB perl WORKING POC
tinyphpforum < 3.6 - Directory Traversal and Arbitrary File Execution via Profile UName Parameter
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
EIP-2026-111687 EXPLOITDB perl WORKING POC
RCblog 1.03 - 'POST' Remote Command Execution
EIP-2026-111686 EXPLOITDB perl WORKING POC
RCBlog 1.0.3 - 'index.php' Directory Traversal
EIP-2026-110518 EXPLOITDB perl WORKING POC
PBlang 4.66z - Remote Code Execution
EIP-2026-110519 EXPLOITDB perl WORKING POC
PBlang 4.66z - Remote Create Admin
CVE-2006-5145 EXPLOITDB text WRITEUP
OlateDownload 3.4.0 - SQL Injection
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
CVE-2006-5145 EXPLOITDB text WRITEUP
OlateDownload 3.4.0 - SQL Injection
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
EIP-2026-109751 EXPLOITDB perl WORKING POC
MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin
CVE-2006-1252 EXPLOITDB perl WORKING POC
Light Weight Calendar (LWC) 1.0 - Code Injection
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.
CVE-2006-1919 EXPLOITDB perl WORKING POC
Internet Photoshow 1.3 - Remote File Inclusion via Page Parameter
PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-4497 EXPLOITDB text WRITEUP
IwebNegar 1.1 - SQL Injection via Comments.php id Parameter
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1725 EXPLOITDB perl WORKING POC
IceBB 1.0-rc5 - Authenticated SQL Injection via Avatar Upload Filename
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
CVE-2007-1726 EXPLOITDB perl WORKING POC
IceBB 1.0-rc5 - Authenticated Arbitrary File Upload via Avatar Function
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
EIP-2026-107501 EXPLOITDB perl WORKING POC
GreyMatter WebLog 1.21d - Remote Command Execution (2)
CVE-2006-0660 EXPLOITDB perl WORKING POC
FarsiNews 2.5 - Directory Traversal and Arbitrary File Read via Archive Parameter
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
EIP-2026-106809 EXPLOITDB perl WORKING POC
EJ3 TOPo 2.2 - 'descripcion' Remote Command Execution
CVE-2006-3304 EXPLOITDB perl WORKING POC
deluxebb < 1.07 - SQL Injection via cp.php xmsn Parameter
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.