Houssamix

55 exploits, active since Feb 2005
CVE-2008-0222 EXPLOITDB text WRITEUP
Wp-FileManager 1.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ajaxfilemanager.php
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2008-0491 EXPLOITDB text WORKING POC
fGallery 2.4.1 - SQL Injection via Album Parameter
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Information Exposure via phpinfo.php
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
EIP-2026-111313 EXPLOITDB text WORKING POC
PK-Designs PKs Movie Database 3.0.3 - Cross-Site Scripting / SQL Injection
EIP-2026-111312 EXPLOITDB text WRITEUP
PK-Designs PKs Movie Database 3.0.3 - '/index.php' SQL Injection / Cross-Site Scripting
CVE-2008-1308 EXPLOITDB text WORKING POC
Sudirman Angriawan NukeC30 3.0 - SQL Injection
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
CVE-2008-0565 EXPLOITDB text WORKING POC
DeltaScripts PHP Links < 1.3 - SQL Injection via vote.php id Parameter
SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0566 EXPLOITDB text WORKING POC
DeltaScripts PHP Links 1.3 - Remote Code Execution via full_path_to_public_program Parameter
PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter.
CVE-2008-5226 EXPLOITDB perl WORKING POC
MambAds 1.0 RC1 Beta and 1.0 RC1 - SQL Injection via ma_cat Parameter
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2008-0260 EXPLOITDB text WORKING POC
minimal Gallery 0.8 - Information Exposure via php_info.php
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
EIP-2026-109288 EXPLOITDB perl WORKING POC
Mambo Component Galleries 1.0 - 'aid' SQL Injection
EIP-2026-108804 EXPLOITDB text WORKING POC
Joomla! Component mygallery - 'cid' SQL Injection
CVE-2007-4922 EXPLOITDB text WORKING POC
jeuxflash_module 1.0 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.
CVE-2008-1759 EXPLOITDB text WORKING POC
jeuxflash_module for KwsPHP - SQL Injection via cat Parameter
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
CVE-2007-4979 EXPLOITDB text WORKING POC
KwsPHP 1.0 - SQL Injection via Sondages Module id Parameter
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.
CVE-2008-2454 EXPLOITDB perl WORKING POC
Joomla com_xsstream-dm 0.01 Beta - SQL Injection via Movie Parameter
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
EIP-2026-108837 EXPLOITDB perl WORKING POC
Joomla! Component QuickTime VR 0.1 - SQL Injection
CVE-2007-6663 EXPLOITDB text WORKING POC
Pragmatic Utopia PU Arcade < 2.1.3 - SQL Injection
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
CVE-2008-1849 EXPLOITDB text WORKING POC
Mambo/Joomla! < 1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-4764 EXPLOITDB text WORKING POC
com_extplorer < 2.0.0 - Path Traversal via Dir Parameter in Show Error Action
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
EIP-2026-108678 EXPLOITDB perl WORKING POC
Joomla! Component is 1.0.1 - Multiple SQL Injections
EIP-2026-108201 EXPLOITDB perl WORKING POC
Joomla! Component altas 1.0 - Multiple SQL Injections
CVE-2008-0425 EXPLOITDB text WRITEUP
Frimousse 0.0.2 - Unauthenticated Absolute Path Traversal via explorerdir.php name Parameter
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
CVE-2008-0468 EXPLOITDB text WORKING POC
flinx < 1.3 - SQL Injection via category.php id Parameter
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0745 EXPLOITDB text WORKING POC
DomPHP 0.82 - Path Traversal via Page Parameter
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.