IRCRASH (R3d.W0rm (Sina Yazdanmehr))

12 exploits Active since Sep 2006
CVE-2008-3918 EXPLOITDB WORKING POC
Ovidentia 6.6.5 - SQL Injection via Search Field Parameter
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5016 EXPLOITDB WORKING POC
e-Vision CMS - Unauthenticated Arbitrary File Upload via admin/x_image.php
Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.
CVE-2008-6982 EXPLOITDB python WORKING POC
devalcms 1.4a - Cross-Site Scripting via currentpath Parameter
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
CVE-2008-3720 EXPLOITDB text WORKING POC
DMCMS 0.7.4 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
CVE-2007-5679 EXPLOITDB text WORKING POC
DeeEmm.com DM CMS 0.7.0.Beta and 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
CVE-2008-4080 EXPLOITDB text WRITEUP
Stash 1.0.3 - SQL Injection via Username or Download Parameter
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4423 EXPLOITDB text WORKING POC
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
CVE-2008-7005 EXPLOITDB python WORKING POC
Minb Is Not a Blog 0.1.0 - Remote Code Execution via quotes_to_edit Parameter
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution.
CVE-2008-0856 EXPLOITDB text WORKING POC
e-Vision CMS 2.02 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6983 EXPLOITDB python WORKING POC
devalcms 1.4a - Remote Code Execution via HTTP Referer Header
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
CVE-2008-3721 EXPLOITDB text WORKING POC
DeeEmm CMS 0.7.4 - Remote Code Execution via Language Directory Parameter
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2008-5787 EXPLOITDB text WRITEUP
Arab Portal 2.1 - Path Traversal via mod.php file Parameter
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.