James Bercegay

104 exploits Active since Mar 2004
CVE-2018-25120 WRITEUP CRITICAL WRITEUP
D-Link DNS-343 ShareCenter <1.05 - Command Injection
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
CVSS 9.8
CVE-2005-2113 EXPLOITDB WRITEUP
XOOPS <= 2.0.11 - SQL Injection via XMLRPC LoginUser Function
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
CVE-2004-1422 EXPLOITDB WRITEUP
WHM AutoPilot <2.4.6.5 - Info Disclosure
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.
CVE-2004-1421 EXPLOITDB WRITEUP
WHM AutoPilot <= 2.4.6.5 - Remote File Inclusion via server_inc Parameter
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0272 EXPLOITDB WRITEUP
ReviewPost PHP Pro < 2.84 - Unauthenticated Arbitrary File Upload via Multiple Extensions Bypass
ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.
CVE-2005-0271 EXPLOITDB WRITEUP
ReviewPost PHP Pro < 2.84 - SQL Injection via showcat.php cat Parameter or addfav.php product Parameter
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.
CVE-2008-6968 EXPLOITDB WRITEUP
Pligg CMS 9.9.5 - SQL Injection via Category or ID Parameter
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
CVE-2006-2826 EXPLOITDB WRITEUP
PHPLib < 7.4a - SQL Injection via id Variable
SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie.
CVE-2005-0274 EXPLOITDB WRITEUP
PhotoPost PHP Pro < 4.85 - Cross-Site Scripting via showgallery.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.
CVE-2004-1871 EXPLOITDB WRITEUP
PhotoPost PHP Pro 4.6.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.
CVE-2006-1794 EXPLOITDB WRITEUP
Mambo < 4.5.3h - SQL Injection via mosGetParam and mosMenuCheck Functions
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
CVE-2005-1598 EXPLOITDB WRITEUP
Invision Power Board <= 2.0.3 - SQL Injection via Cookie Password Hash
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
CVE-2005-1674 EXPLOITDB MEDIUM WRITEUP
Help Center Live - Cross-Site Request Forgery via view.php
Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.
CVSS 6.5
CVE-2005-1673 EXPLOITDB WRITEUP
Help Center Live - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.
CVE-2006-1128 EXPLOITDB WRITEUP
Gallery 2 up to 2.0.2 - Directory Traversal via Session Cookie
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
CVE-2005-1201 EXPLOITDB WRITEUP
AZ Bulletin board <1.0.08 - Path Traversal
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
CVE-2018-25120 EXPLOITDB CRITICAL text WRITEUP
D-Link DNS-343 ShareCenter <1.05 - Command Injection
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
CVSS 9.8
CVE-2008-7090 EXPLOITDB text WRITEUP
Pligg CMS < 9.9 - Path Traversal via Trackback URL or Template Parameter
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
CVE-2008-7089 EXPLOITDB text WRITEUP
Pligg CMS < 9.9.0 - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
CVE-2008-3763 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - Code Injection
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
CVE-2008-3762 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - SQL Injection
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVE-2008-5919 EXPLOITDB text WRITEUP
WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
CVE-2008-5918 EXPLOITDB text WRITEUP
WebSVN <= 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
EIP-2026-118031 EXPLOITDB text WRITEUP
Trillian Pro < 2.01 - Design Error
CVE-2004-1417 EXPLOITDB text WRITEUP
Psychostats < 2.2.4 - Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.