JosS

86 exploits Active since Dec 2005
CVE-2008-4454 EXPLOITDB WORKING POC
MySQL Quick Admin 1.5.5 - Path Traversal via Lang Parameter
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1710 EXPLOITDB text WORKING POC
Siestta 2.0 - Path Traversal via Idioma Parameter
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter.
CVE-2009-2401 EXPLOITDB text WORKING POC
PHPEcho CMS 2.0-rc3 - Stored Cross-Site Scripting via Forum Post
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.
CVE-2010-3457 EXPLOITDB text WORKING POC
Symphony CMS 2.0.7 and 2.1.1 - Cross-Site Scripting via Website Field or Recipient Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
CVE-2008-4643 EXPLOITDB text WORKING POC
myWebland myStats - SQL Injection via hits.php sortby Parameter
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-1346 EXPLOITDB text WORKING POC
MyioSoft EasyGallery <5.0tr - SQL Injection
SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.
CVE-2008-1344 EXPLOITDB text WORKING POC
MyioSoft EasyCalendar <4.0tr - SQL Injection
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.
CVE-2008-1336 EXPLOITDB text WORKING POC
Koobi CMS 4.2.3-4.3.0 - SQL Injection via Categ Parameter
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.
CVE-2008-4185 EXPLOITDB perl WORKING POC
webCMS Portal Edition - SQL Injection via id Parameter in documentos Action
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
CVE-2008-1122 EXPLOITDB text WORKING POC
Koobi Pro 5.7 - SQL Injection via Downloads Module categ Parameter
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
CVE-2008-1414 EXPLOITDB text WRITEUP
Multiple Time Sheets <= 5.0 - Cross-Site Scripting via Tab Parameter
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
CVE-2007-5455 EXPLOITDB text WORKING POC
WWWISIS 7.1 - Cross-Site Scripting via IsisScript lang or exprSearch Parameter
Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch parameter.
CVE-2008-4186 EXPLOITDB perl WORKING POC
webCMS Portal Edition - SQL Injection via id_doc Parameter
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0835 EXPLOITDB perl WORKING POC
Simple CMS <= 1.0.3 - SQL Injection via Area Parameter
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
EIP-2026-112087 EXPLOITDB text WORKING POC
Simple Document Management System 1.1.5 - Multiple SQL Injections
EIP-2026-112115 EXPLOITDB text WORKING POC
Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute
CVE-2010-3458 EXPLOITDB text WORKING POC
Symphony CMS <2.1.1 - SQL Injection
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
CVE-2009-1483 EXPLOITDB text WORKING POC
Studio Lounge Address Book 2.5 - Unauthenticated Arbitrary File Upload via upload-file.php
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.
CVE-2009-1452 EXPLOITDB text WORKING POC
SMA-DB 0.3.13 - Remote Code Execution via _page_css or _page_javascript Parameter
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.
CVE-2007-6157 EXPLOITDB text WRITEUP
SimpleGallery 0.1.3 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2008-2411 EXPLOITDB perl WORKING POC
SazCart < 1.5 - SQL Injection via prodid Parameter
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.
CVE-2008-6090 EXPLOITDB text WORKING POC
ScriptsEz Mini Hosting Panel - Path Traversal
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
CVE-2010-1711 EXPLOITDB text WORKING POC
Siestta 2.0 - Cross-Site Scripting via Usuario Parameter
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
CVE-2008-6089 EXPLOITDB text WORKING POC
ScriptsEz Easy Image Downloader - Path Traversal
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action.
CVE-2005-4195 EXPLOITDB perl WORKING POC
Scout Portal Toolkit <= 1.3.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.