Houssamix

55 exploits | Active since Feb 2005
CVE-2008-0222 EXPLOITDB text WRITEUP
WordPress Filemanager - Code Injection
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2008-0491 EXPLOITDB text WORKING POC
Fgallery - SQL Injection
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Info Disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
EIP-2026-111313 EXPLOITDB text WORKING POC
PK-Designs PKs Movie Database 3.0.3 - Cross-Site Scripting / SQL Injection
EIP-2026-111312 EXPLOITDB text WRITEUP
PK-Designs PKs Movie Database 3.0.3 - '/index.php' SQL Injection / Cross-Site Scripting
CVE-2008-1308 EXPLOITDB text WORKING POC
Sudirman Angriawan NukeC30 3.0 - SQL Injection
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
CVE-2008-0565 EXPLOITDB text WORKING POC
Deltascripts Php Links < 1.3 - SQL Injection
SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0566 EXPLOITDB text WORKING POC
Deltascripts Php Links - Code Injection
PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter.
CVE-2008-5226 EXPLOITDB perl WORKING POC
MambAds 1.0 RC1 - SQL Injection
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2008-0260 EXPLOITDB text WORKING POC
Minimal Design Minimal Gallery - Improper Input Validation
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
EIP-2026-109288 EXPLOITDB perl WORKING POC
Mambo Component Galleries 1.0 - 'aid' SQL Injection
EIP-2026-108804 EXPLOITDB text WORKING POC
Joomla! Component mygallery - 'cid' SQL Injection
CVE-2007-4922 EXPLOITDB text WORKING POC
Jeuxflash Module - SQL Injection
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.
CVE-2008-1759 EXPLOITDB text WORKING POC
KwsPHP - SQL Injection
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
CVE-2007-4979 EXPLOITDB text WORKING POC
Kwsphp - SQL Injection
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.
CVE-2008-2454 EXPLOITDB perl WORKING POC
Joomla Com Xsstream-dm - SQL Injection
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
EIP-2026-108837 EXPLOITDB perl WORKING POC
Joomla! Component QuickTime VR 0.1 - SQL Injection
CVE-2007-6663 EXPLOITDB text WORKING POC
Pragmatic Utopia PU Arcade <2.1.3 - SQL Injection
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
CVE-2008-1849 EXPLOITDB text WORKING POC
Mambo/Joomla! <1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-4764 EXPLOITDB text WORKING POC
Com Extplorer < 2.0.0 - Path Traversal
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
EIP-2026-108678 EXPLOITDB perl WORKING POC
Joomla! Component is 1.0.1 - Multiple SQL Injections
EIP-2026-108201 EXPLOITDB perl WORKING POC
Joomla! Component altas 1.0 - Multiple SQL Injections
CVE-2008-0425 EXPLOITDB text WRITEUP
Frimousse - Access Control
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
CVE-2008-0468 EXPLOITDB text WORKING POC
Flinx < 1.3 - SQL Injection
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0745 EXPLOITDB text WORKING POC
Domphp - Path Traversal
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.