InATeam

11 exploits Active since Sep 2007
CVE-2007-5231 EXPLOITDB php WORKING POC
Zomplog <= 3.8.1 - Authenticated Arbitrary File Upload via admin/upload_files.php
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230.
CVE-2007-5230 EXPLOITDB php WORKING POC
Zomplog <= 3.8.1 - Unauthenticated Administrative Action Execution via Direct Request
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
CVE-2007-5643 EXPLOITDB php WORKING POC
Lussumo Vanilla < 1.1.3 - SQL Injection via CategoryID Parameter
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
CVE-2007-4932 EXPLOITDB php WORKING POC
Shop-Script < 2.0 - Unauthenticated Admin Panel Access via Improper Redirect Handling
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.
CVE-2007-5278 EXPLOITDB php WORKING POC
zomplog <= 3.8.1 - Unauthenticated Sensitive Information Exposure via Upload Directory
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
EIP-2026-114415 EXPLOITDB php WORKING POC
xBtiTracker - SQL Injection
CVE-2007-5644 EXPLOITDB php WORKING POC
Lussumo Vanilla < 1.1.3 - Unauthenticated Unauthorized Sort Operations
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
CVE-2007-4933 EXPLOITDB php WORKING POC
Shop-Script FREE <= 2.0 - Remote Code Execution via Appearance Configuration Parameters
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.
CVE-2007-6202 EXPLOITDB php WORKING POC
Neocrome Seditio CMS <121 - SQL Injection
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.
CVE-2008-1513 EXPLOITDB php WORKING POC
Danneo CMS < 0.5.1 - SQL Injection via HTTP Referer Header
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
CVE-2008-3784 EXPLOITDB text WORKING POC
BtiTracker <1.4.7, xBtiTracker <2.0.542 - SQL Injection
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.