Janek Vind - Security Researcher - Exploit Intelligence Platform

CVE-2008-0506 METASPLOIT ruby WORKING POC

Coppermine Photo Gallery < 1.4.14 - Improper Input Validation

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

View Code

CVE-2004-0322 EXPLOITDB text WORKING POC

Xmb - XSS

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

View Code

CVE-2004-0323 EXPLOITDB text WRITEUP

Xmb - SQL Injection

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

View Code

CVE-2004-0322 EXPLOITDB text WORKING POC

Xmb - XSS

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

View Code

CVE-2004-0322 EXPLOITDB text WORKING POC

Xmb - XSS

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

View Code

CVE-2004-1821 EXPLOITDB text WRITEUP

Warpspeed 4nalbum Module - SQL Injection

SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.

View Code

CVE-2009-3787 EXPLOITDB text WORKING POC

Vivvo - Path Traversal

files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.

View Code

CVE-2004-1820 EXPLOITDB text WRITEUP

PHP-Nuke 6.5-7.0 - RCE

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

View Code

CVE-2004-1818 EXPLOITDB text WRITEUP

PHP-Nuke 6.5-7.0 - XSS

Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.

View Code

CVE-2004-1957 EXPLOITDB text WRITEUP

PostNuke 0.726 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.

View Code

CVE-2004-1954 EXPLOITDB text WRITEUP

Phprofession - XSS

Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.

View Code

CVE-2004-1953 EXPLOITDB text WRITEUP

phProfession 2.5 - Info Disclosure

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.

View Code

EIP-2026-110889 EXPLOITDB text WRITEUP

PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2004-1955 EXPLOITDB text WRITEUP

Phprofession - SQL Injection

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.

View Code

EIP-2026-110888 EXPLOITDB text WRITEUP

PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection

View Code

CVE-2004-0266 EXPLOITDB perl WORKING POC

Francisco Burzi Php-nuke - SQL Injection

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

View Code

CVE-2007-2339 EXPLOITDB html WORKING POC

Phorum < 5.1.20 - SQL Injection

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.

View Code

CVE-2004-2293 EXPLOITDB text WRITEUP

PHP-Nuke <7.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.

View Code

CVE-2006-0676 EXPLOITDB text WORKING POC

Francisco Burzi Php-nuke - XSS

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.

View Code

CVE-2007-2249 EXPLOITDB text WRITEUP

Phorum <5.1.22 - Privilege Escalation

include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.

View Code

CVE-2007-2248 EXPLOITDB text WORKING POC

Phorum < 5.1.21 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.

View Code

CVE-2004-2297 EXPLOITDB text WRITEUP

PHP-Nuke 6.0-7.3 - DoS

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

View Code

CVE-2007-2338 EXPLOITDB text WRITEUP

Phorum < 5.1.20 - CSRF

Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.

View Code

CVE-2007-2339 EXPLOITDB text WORKING POC

Phorum < 5.1.20 - SQL Injection

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.

View Code

EIP-2026-110603 EXPLOITDB text WORKING POC

Phorum 5.0.x - 'FOLLOW.php' SQL Injection

View Code