Justin C. Klein Keane

11 exploits, active since Oct 2008
CVE-2022-50898 WRITEUP HIGH WRITEUP
NanoCMS 0.4 - Remote Code Execution
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.
CVSS 8.8
CVE-2008-4425 EXPLOITDB WRITEUP
Phlatline Personal Information Manager 1.0 - Path Traversal & Arbitrary File Deletion via Upload.php
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
CVE-2008-4426 EXPLOITDB WRITEUP
Phlatline Personal Information Manager 1.0 - Cross-Site Scripting via events.php date parameter
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-4427 EXPLOITDB WRITEUP
Phlatline Personal Information Manager < 1.0 - Unauthenticated Arbitrary Password Change
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2008-4428 EXPLOITDB WRITEUP
Phlatline Personal Information Manager < 1.0 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
CVE-2010-1583 EXPLOITDB text WRITEUP
Tirzen Framework <1.5 - SQL Injection
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
CVE-2008-4528 EXPLOITDB text WRITEUP
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
EIP-2026-106554 EXPLOITDB text WORKING POC
dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities
CVE-2009-4429 EXPLOITDB text WRITEUP
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVE-2009-4429 EXPLOITDB text WRITEUP
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVE-2008-5998 EXPLOITDB text WORKING POC
Drupal Ajax Checklist <5.x-1.1 - SQL Injection
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.