James Bercegay

104 exploits Active since Mar 2004
CVE-2006-0887 EXPLOITDB text WRITEUP
PHPLib < 7.4a - Remote Code Execution via Base64-Encoded Cookie
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
CVE-2006-1032 EXPLOITDB text WORKING POC
phpRPC <= 0.7 - Remote Code Execution via Base64 Tag in RPC Decoder
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
EIP-2026-111206 EXPLOITDB text WRITEUP
phpShop < 0.6.1-b - Multiple Vulnerabilities
CVE-2006-0869 EXPLOITDB text WRITEUP
PEAR LiveUser <= 0.16.8 - Directory Traversal via Remember Me Cookie
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
CVE-2004-1423 EXPLOITDB text WRITEUP
php-calendar < 0.10.1 - Remote Code Execution via phpc_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2008-3764 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - Code Injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
EIP-2026-110622 EXPLOITDB text WRITEUP
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
CVE-2005-0273 EXPLOITDB text WRITEUP
PhotoPost PHP Pro < 4.85 - SQL Injection via cat or ppuser Parameter
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
CVE-2004-1870 EXPLOITDB text WRITEUP
PhotoPost PHP Pro 4.6.x - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
EIP-2026-110609 EXPLOITDB text WRITEUP
Phorum < 5.0.3 Beta - Cross Site Scripting
EIP-2026-110533 EXPLOITDB text WORKING POC
PEAR XML_RPC < 1.3.0 - Remote Code Execution
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
EIP-2026-110382 EXPLOITDB text WRITEUP
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
CVE-2005-2468 EXPLOITDB perl WORKING POC
MySQL Eventum <= 1.5.5 - SQL Injection via Multiple Functions
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
CVE-2006-0871 EXPLOITDB text WRITEUP
Mambo 4.5.3, 4.5.3h - Path Traversal via mos_change_template Parameter
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
EIP-2026-109275 EXPLOITDB text WRITEUP
Mambo < 4.5.4 - SQL Injection
EIP-2026-109274 EXPLOITDB text WRITEUP
Mambo < 4.5 - Multiple Vulnerabilities
EIP-2026-107921 EXPLOITDB text WRITEUP
Invision Power Board (IP.Board) < 1.3 - SQL Injection
EIP-2026-107938 EXPLOITDB text WRITEUP
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC)
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC)
EIP-2026-107937 EXPLOITDB text WRITEUP
Invision Power Top Site List < 1.1 RC 2 - SQL Injection
CVE-2005-1597 EXPLOITDB text WRITEUP
Invision Power Board <= 2.0.3 - Cross-Site Scripting via Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
EIP-2026-107923 EXPLOITDB text WRITEUP
Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)
EIP-2026-107922 EXPLOITDB text WRITEUP
Invision Power Board (IP.Board) < 1.3.1 - Design Error
CVE-2004-1835 EXPLOITDB text WRITEUP
Invision Gallery 1.0.1 - SQL Injection via img/cat/sort_key/order_key/user/album Parameters
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.
CVE-2006-1127 EXPLOITDB text WRITEUP
Gallery 2 up to 2.0.2 - Cross-Site Scripting via X-Forwarded-For Header
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.