Janek Vind "waraxe"

45 exploits, active since May 2007
EIP-2026-113769 EXPLOITDB text WORKING POC
WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities
CVE-2009-3787 EXPLOITDB text WORKING POC
Vivvo - Path Traversal
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
EIP-2026-113117 EXPLOITDB ruby WORKING POC
VirtueMart 1.1.2 - SQL Injection (Metasploit)
EIP-2026-113116 EXPLOITDB text WRITEUP
VirtueMart 1.1.2 - Multiple Vulnerabilities
EIP-2026-112752 EXPLOITDB text WRITEUP
TorrentTrader 2.08 - Multiple Vulnerabilities
CVE-2009-2161 EXPLOITDB text WRITEUP
TorrentTrader Classic 1.09 - Path Traversal
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.
EIP-2026-111902 EXPLOITDB text WRITEUP
Saurus CMS 4.7.1 - Multiple Vulnerabilities
CVE-2009-0678 EXPLOITDB text WRITEUP
RavenNuke 2.30 - Info Disclosure
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
CVE-2013-3241 EXPLOITDB text WRITEUP
phpMyAdmin <4.0.0-rc3 - Code Injection
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
EIP-2026-111146 EXPLOITDB text WRITEUP
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
CVE-2013-7375 EXPLOITDB text WRITEUP
PHP-Fusion <7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
CVE-2013-1891 EXPLOITDB MEDIUM text WRITEUP
OpenCart < 1.5.5.1 - Path Traversal
In OpenCart 1.4.7 to 1.5.5.1, the anti-traversal code implemented in filemanager.php is ineffective and can be bypassed.
CVSS 6.5
EIP-2026-110266 EXPLOITDB text WORKING POC
OpenCart 1.5.2.1 - Multiple Vulnerabilities
CVE-2008-0382 EXPLOITDB text WORKING POC
Mybulletinboard - Code Injection
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
EIP-2026-109752 EXPLOITDB php WORKING POC
MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (2)
EIP-2026-109505 EXPLOITDB text WRITEUP
MKPortal 1.2.1 - Multiple Vulnerabilities
CVE-2012-2226 EXPLOITDB CRITICAL text WRITEUP
Invisioncommunity Invision Power Board - Unrestricted File Upload
Invision Power Board before 3.3.1 fails to sanitize user-supplied input, which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVSS 9.8
EIP-2026-107932 EXPLOITDB php WORKING POC
Invision Power Board 2.3.5 - SQL Injection
EIP-2026-106305 EXPLOITDB php WORKING POC
CuteNews 1.4.5 - Admin Password md5 Hash Fetching
CVE-2012-1614 EXPLOITDB text WRITEUP
Coppermine-gallery Coppermine Photo Gallery - Information Disclosure
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.