Justin C. Klein Keane

10 exploits, active since Oct 2008
CVE-2008-4425 EXPLOITDB WRITEUP
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
CVE-2008-4426 EXPLOITDB WRITEUP
Phlatline Personal Information Manager - XSS
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-4427 EXPLOITDB WRITEUP
Phlatline Personal Information Manager < 1.0 - Authentication Bypass
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2008-4428 EXPLOITDB WRITEUP
Phlatline Personal Information Manager - Improper Input Validation
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
CVE-2010-1583 EXPLOITDB text WRITEUP
Tirzen Framework <1.5 - SQL Injection
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
CVE-2008-4528 EXPLOITDB text WRITEUP
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
EIP-2026-106554 EXPLOITDB text WORKING POC
dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities
CVE-2009-4429 EXPLOITDB text WRITEUP
Drupal <5.x-1.3, <6.x-1.3 - XSS
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVE-2009-4429 EXPLOITDB text WRITEUP
Drupal <5.x-1.3, <6.x-1.3 - XSS
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVE-2008-5998 EXPLOITDB text WORKING POC
Drupal Ajax Checklist <5.x-1.1 - SQL Injection
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.