Katatafish

10 exploits Active since Nov 2006
CVE-2007-5446 EXPLOITDB html WORKING POC
Perfection Bytes Pbemail - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
EIP-2026-112342 EXPLOITDB text WORKING POC
SomeryC 0.2.4 - 'include.php?skindir' Remote File Inclusion
CVE-2007-3505 EXPLOITDB text WORKING POC
Qt-cute Quicktalk Forum - Path Traversal
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
CVE-2007-3547 EXPLOITDB text WORKING POC
Qt-cute Quickticket - Path Traversal
Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter.
CVE-2007-3402 EXPLOITDB text WORKING POC
Pagetool - SQL Injection
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
CVE-2007-3535 EXPLOITDB text WORKING POC
Frank Karau Gl-sh Deaf Forum < 6.4.4 - Path Traversal
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
CVE-2007-3431 EXPLOITDB text WORKING POC
Valerio Capello Dagger - The Cutting Edge r23jan2007 - RCE
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
CVE-2006-6035 EXPLOITDB text WORKING POC
F-art Agency Blog Cms < 4.1.3 - XSS
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
CVE-2007-2736 EXPLOITDB text WORKING POC
Achievo 1.1.0 - Code Injection
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2007-4726 EXPLOITDB perl WORKING POC
Weboddity - Path Traversal
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.