James Bercegay

103 exploits, active since Mar 2004
CVE-2008-3374 EXPLOITDB text WORKING POC
Gregarius < 0.5.4 - SQL Injection
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
CVE-2006-0823 EXPLOITDB text WRITEUP
Geeklog - SQL Injection
Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.
EIP-2026-106661 EXPLOITDB text WRITEUP
e107 < 0.7.11 - Arbitrary Variable Overwriting
CVE-2006-4525 EXPLOITDB text WRITEUP
Devellion Cubecart < 3.0.12 - XSS
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
CVE-2008-6394 EXPLOITDB text WRITEUP
Cs-cart < 1.3.5 - SQL Injection
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
CVE-2008-3845 EXPLOITDB text WRITEUP
Crafty Syntax Live Help < 2.14.6 - SQL Injection
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
CVE-2006-4844 EXPLOITDB text WRITEUP
Claroline < 1.7.7 - RCE
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
CVE-2005-1642 EXPLOITDB text WRITEUP
Woltlab Burning Board - SQL Injection
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
CVE-2005-1200 EXPLOITDB text WRITEUP
AZ Bulletin Board < 1.0.07c - RCE
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
EIP-2026-105322 EXPLOITDB text WRITEUP
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
EIP-2026-104882 EXPLOITDB text WRITEUP
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
CVE-2008-5090 EXPLOITDB text WRITEUP
Anelectron Advanced Electron Forum < 1.0.6 - Code Injection
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
CVE-2006-0806 EXPLOITDB text WRITEUP
John LIM Adodb - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
EIP-2026-104628 EXPLOITDB text WRITEUP
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
EIP-2026-104259 EXPLOITDB text WRITEUP
FTP Service < 1.2 - Multiple Vulnerabilities
EIP-2026-104493 EXPLOITDB text WRITEUP
WinMX < 2.6 - Design Error
EIP-2026-104441 EXPLOITDB text WRITEUP
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
EIP-2026-104395 EXPLOITDB text WORKING POC
phpLinks < 2.1.2 - Multiple Vulnerabilities
EIP-2026-104394 EXPLOITDB text WRITEUP
PHP Topsites < 2.2 - Multiple Vulnerabilities
EIP-2026-104389 EXPLOITDB text WRITEUP
P-Synch < 6.2.5 - Multiple Vulnerabilities
EIP-2026-104336 EXPLOITDB text WRITEUP
MegaBrowser < 0.71b - Multiple Vulnerabilities
EIP-2026-104334 EXPLOITDB text WRITEUP
Max Web Portal < 1.30 - Multiple Vulnerabilities
EIP-2026-103339 EXPLOITDB ruby WORKING POC
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
CVE-2008-6985 EXPLOITDB text WRITEUP
Zen-cart Zen Cart - SQL Injection
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
EIP-2026-101241 EXPLOITDB text WRITEUP
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access