JosS

86 exploits Active since Dec 2005
CVE-2008-0361 EXPLOITDB perl WORKING POC
GradMan < 0.1.3 - Path Traversal and Arbitrary File Execution via Tabla Parameter
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
EIP-2026-107468 EXPLOITDB text WRITEUP
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
CVE-2007-6162 EXPLOITDB text WRITEUP
FMDeluxe 2.1.0 - Cross-Site Scripting via Index.php ID Parameter
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
CVE-2008-4778 EXPLOITDB text WORKING POC
Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
CVE-2008-1347 EXPLOITDB text WORKING POC
MyioSoft EasyGallery <= 5.0tr - Cross-Site Scripting via PATH_INFO or q Parameter
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.
CVE-2008-1345 EXPLOITDB text WORKING POC
MyioSoft EasyCalendar <= 4.0tr - Cross-Site Scripting via Day Parameter
Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.
EIP-2026-106649 EXPLOITDB text WORKING POC
E-topbiz Link ADS 1 PHP script - 'linkid' Blind SQL Injection
CVE-2008-1336 EXPLOITDB text WORKING POC
Koobi CMS 4.2.3-4.3.0 - SQL Injection via Categ Parameter
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.
CVE-2009-0701 EXPLOITDB perl WORKING POC
Cybershade CMS 0.2b - Remote Code Execution via THEME_header and THEME_footer Parameters
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
CVE-2008-5289 EXPLOITDB perl WORKING POC
Clean CMS 1.5 - SQL Injection via full_txt.php id Parameter
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6425 EXPLOITDB text WORKING POC
ComicShout 2.8 - SQL Injection via News ID Parameter
SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.
CVE-2008-1936 EXPLOITDB text WORKING POC
Classifieds Caffe - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
CVE-2007-6565 EXPLOITDB text WRITEUP
Blakord Portal <1.3.A - SQL Injection
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
CVE-2008-1178 EXPLOITDB text WORKING POC
Centreon < 1.4.2.3 - Path Traversal via Page Parameter
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
CVE-2008-5004 EXPLOITDB text WORKING POC
myWebland Bloggie Lite 0.0.2 beta - SQL Injection via Cookie
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
CVE-2008-0253 EXPLOITDB text WRITEUP
Binn SBuilder - SQL Injection via full_text.php nid Parameter
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2010-2915 EXPLOITDB text WORKING POC
AJ Square AJ HYIP PRIME - SQL Injection
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2916 EXPLOITDB text WORKING POC
AJ Square AJ HYIP MERIDIAN - SQL Injection
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4784 EXPLOITDB text WORKING POC
aflog 1.01 - Unauthenticated Authentication Bypass via aflog_auth_a Cookie
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
EIP-2026-104946 EXPLOITDB perl WORKING POC
Add a link 4 - Security Bypass / SQL Injection
EIP-2026-104805 EXPLOITDB perl WORKING POC
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion
EIP-2026-102767 EXPLOITDB text WORKING POC
xwine 1.0.1 - '.exe' Local Crash (PoC)
CVE-2007-5478 EXPLOITDB text WRITEUP
Nabh Stringbeans Portal 3.2 - Cross-Site Scripting via Project Name Parameter
Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
CVE-2007-5480 EXPLOITDB text WRITEUP
InnovaShop - Cross-Site Scripting via msg Parameter and contentid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
CVE-2007-5480 EXPLOITDB text WRITEUP
InnovaShop - Cross-Site Scripting via msg Parameter and contentid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.