Janek Vind

58 exploits Active since Feb 2004
CVE-2008-0506 METASPLOIT ruby WORKING POC
Coppermine Photo Gallery < 1.4.14 - Remote Code Execution via ImageMagick Picture Processing Parameters
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
CVE-2004-0322 EXPLOITDB text WORKING POC
XMB 1.8 Final SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
CVE-2004-0323 EXPLOITDB text WRITEUP
XMB 1.8 Final SP2 - SQL Injection via ppp/tpp/ascdesc/desc/addon Parameters
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
CVE-2004-0322 EXPLOITDB text WORKING POC
XMB 1.8 Final SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
CVE-2004-0322 EXPLOITDB text WORKING POC
XMB 1.8 Final SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
CVE-2004-1821 EXPLOITDB text WRITEUP
4nalbum 0.92 - SQL Injection via gid Parameter
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
CVE-2009-3787 EXPLOITDB text WORKING POC
Vivvo CMS 4.1.5.1 - Path Traversal via File Parameter
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
CVE-2004-1820 EXPLOITDB text WRITEUP
4nalbum_module 0.92 - Remote File Inclusion via basepath Parameter
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
CVE-2004-1818 EXPLOITDB text WRITEUP
4nalbum 0.92 for PHP-Nuke 6.5-7.0 - Cross-Site Scripting via z Parameter
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.
CVE-2004-1957 EXPLOITDB text WRITEUP
PostNuke 0.726 - Cross-Site Scripting via Downloads, Web_links, or openwindow.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
CVE-2004-1954 EXPLOITDB text WRITEUP
phprofession 2.5 - Cross-Site Scripting via jcode Parameter
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
CVE-2004-1953 EXPLOITDB text WRITEUP
phProfession 2.5 - Information Disclosure via Direct Upload.php Request
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
EIP-2026-110889 EXPLOITDB text WRITEUP
PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities
CVE-2004-1955 EXPLOITDB text WRITEUP
phprofession 2.5 - SQL Injection via Offset Parameter
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.
EIP-2026-110888 EXPLOITDB text WRITEUP
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
CVE-2004-0266 EXPLOITDB perl WORKING POC
Php-Nuke 6.x-7.1.0 - SQL Injection via c_mid Parameter
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
CVE-2007-2339 EXPLOITDB html WORKING POC
Phorum < 5.1.20 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
CVE-2004-2293 EXPLOITDB text WRITEUP
PHP-Nuke 6.0-7.3 - Cross-Site Scripting via Encyclopedia and Reviews Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
CVE-2006-0676 EXPLOITDB text WORKING POC
PHP-Nuke 6.0-7.8 - Cross-Site Scripting via Pagetitle Parameter
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.
CVE-2007-2249 EXPLOITDB text WRITEUP
Phorum <5.1.22 - Privilege Escalation
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVE-2007-2248 EXPLOITDB text WORKING POC
Phorum < 5.1.21 - Cross-Site Scripting via group_id or smiley_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
CVE-2004-2297 EXPLOITDB text WRITEUP
PHP-Nuke 6.0-7.3 - Denial of Service via Reviews Module Score Parameter
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.
CVE-2007-2338 EXPLOITDB text WRITEUP
Phorum < 5.1.20 - Cross-Site Request Forgery via Banlist Delete Parameter
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
CVE-2007-2339 EXPLOITDB text WORKING POC
Phorum < 5.1.20 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
EIP-2026-110603 EXPLOITDB text WORKING POC
Phorum 5.0.x - 'FOLLOW.php' SQL Injection