JosS

86 exploits Active since Dec 2005
EIP-2026-111457 EXPLOITDB perl WORKING POC
pPIM 1.01 - 'notes.php' Remote Command Execution
CVE-2007-6158 EXPLOITDB text WORKING POC
Proverbs Web Calendar <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
CVE-2008-4177 EXPLOITDB text WORKING POC
Preprojects Pre Real Estate Listings - SQL Injection
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2008-2915 EXPLOITDB text WORKING POC
Preprojects Pre Job Board - SQL Injection
Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter.
CVE-2006-2770 EXPLOITDB text WORKING POC
Pppblog < 0.3.8 - Path Traversal
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
CVE-2008-4528 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
CVE-2008-4490 EXPLOITDB text WORKING POC
Phpabook < 0.8.8b - Path Traversal
Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.
CVE-2009-2402 EXPLOITDB text WORKING POC
PHPEcho CMS <2.0-rc3 - SQL Injection
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
CVE-2008-2914 EXPLOITDB text WORKING POC
Preprojects Php Jobwebsite Pro - SQL Injection
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-1415 EXPLOITDB text WRITEUP
Multiple Time Sheets <5.0 - Path Traversal
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
CVE-2008-4644 EXPLOITDB text WORKING POC
Mywebland Mystats - Access Control
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
CVE-2008-4455 EXPLOITDB text WORKING POC
Mysql Quick Admin - Path Traversal
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.
CVE-2008-4650 EXPLOITDB text WORKING POC
Mywebland Myevent - SQL Injection
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
CVE-2008-6183 EXPLOITDB text WORKING POC
Myphpindexer MY Php Indexer - Path Traversal
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
CVE-2010-3210 EXPLOITDB text WORKING POC
Multi-lingual E-Commerce System 0.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
CVE-2008-6296 EXPLOITDB text WORKING POC
Maran Php Shop - Access Control
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
CVE-2008-4662 EXPLOITDB text WORKING POC
Lokicms - Path Traversal
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-5965 EXPLOITDB text SCANNER
LokiCMS <0.3.4 - Path Traversal
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
CVE-2008-4879 EXPLOITDB text WORKING POC
Maran Php Shop - SQL Injection
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
EIP-2026-109473 EXPLOITDB perl WORKING POC
MiNBank 1.5.0 - Remote Command Execution
CVE-2009-2223 EXPLOITDB text WORKING POC
LightOpenCMS 0.1 - Path Traversal
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
CVE-2008-6177 EXPLOITDB text WORKING POC
Publicwarehouse Lightblog - Path Traversal
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php.
CVE-2008-4632 EXPLOITDB text WORKING POC
Kure - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
CVE-2008-4606 EXPLOITDB text WORKING POC
IP Reg - SQL Injection
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
CVE-2008-4509 EXPLOITDB perl WORKING POC
Foss Gallery - Improper Input Validation
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.