James Bercegay

104 exploits Active since Mar 2004
CVE-2004-1569 EXPLOITDB text WRITEUP
dBpowerAMP Audio Player and Music Converter - Buffer Overflow via Long Filename in Playlist
Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.
CVE-2005-1806 EXPLOITDB text WRITEUP
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
CVE-2005-2414 EXPLOITDB text WRITEUP
xpcom - Denial of Service via Nested DIV Tags
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
CVE-2005-2112 EXPLOITDB text WRITEUP
XOOPS <= 2.0.11 - Cross-Site Scripting via Order or CID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
CVE-2006-4904 EXPLOITDB text WRITEUP
Qualiteam X-Cart < 4.1.3 - Remote Code Execution via cmpi.php Dynamic Variable Evaluation
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
CVE-2005-2108 EXPLOITDB perl WORKING POC
WordPress <= 1.5.1.2 - SQL Injection via HTTP_RAW_POST_DATA
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
CVE-2004-1420 EXPLOITDB text WRITEUP
WHM AutoPilot <= 2.4.6.5 - Cross-Site Scripting via site_title or http_images Parameter
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
EIP-2026-113012 EXPLOITDB text WRITEUP
vBulletin < 3.0.0 RC4 - Cross Site Scripting
CVE-2008-3369 EXPLOITDB text WRITEUP
ViArt Shop < 3.5 - SQL Injection via products_rss.php category_id Parameter
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2005-3819 EXPLOITDB text WRITEUP
vtiger CRM < 4.2 - SQL Injection via HelpDesk user_name and date Parameters
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
CVE-2008-5920 EXPLOITDB text WRITEUP
WebSVN 1.x - Remote Code Execution via Username preg_replace Eval Switch
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-3768 EXPLOITDB text WRITEUP
Turnkey Web Tools SunShop <4.1.5 - SQL Injection
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
EIP-2026-112532 EXPLOITDB ruby WORKING POC
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
CVE-2005-2095 EXPLOITDB text WRITEUP
SquirrelMail <= 1.4.4 - Remote Code Execution via Extract Function
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
CVE-2006-4019 EXPLOITDB text WRITEUP
SquirrelMail <1.4.7 - Code Injection
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2005-0270 EXPLOITDB text WRITEUP
ReviewPost PHP Pro < 2.84 - Cross-Site Scripting via si, cat, page, or report Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
CVE-2008-3563 EXPLOITDB text WRITEUP
Plogger <= 3.0 - SQL Injection via checked Parameter
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
EIP-2026-111436 EXPLOITDB text WRITEUP
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities
CVE-2008-7091 EXPLOITDB text WRITEUP
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2005-1921 EXPLOITDB text WORKING POC
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2004-2364 EXPLOITDB text WRITEUP
PHPX 3.0-3.2.6 - Cross-Site Request Forgery via Admin URL Execution
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
EIP-2026-111066 EXPLOITDB text WRITEUP
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
EIP-2026-110973 EXPLOITDB text WRITEUP
phpBB < 2.0.6d - Cross Site Scripting
CVE-2006-1032 EXPLOITDB text WORKING POC
phpRPC <= 0.7 - Remote Code Execution via Base64 Tag in RPC Decoder
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
EIP-2026-111206 EXPLOITDB text WRITEUP
phpShop < 0.6.1-b - Multiple Vulnerabilities