Katatafish

10 exploits, active since Nov 2006
CVE-2007-5446 EXPLOITDB html WORKING POC
PBEmail 7 ActiveX Edition - Unauthenticated Arbitrary File Write via SaveSenderToXml XmlFilePath Argument
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
EIP-2026-112342 EXPLOITDB text WORKING POC
SomeryC 0.2.4 - 'include.php?skindir' Remote File Inclusion
CVE-2007-3505 EXPLOITDB text WORKING POC
QuickTalk forum 1.3 - Directory Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
CVE-2007-3547 EXPLOITDB text WORKING POC
QuickTicket 1.2 - Remote File Inclusion via Lang Parameter
Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-3402 EXPLOITDB text WORKING POC
pagetool 1.07 - SQL Injection via News ID Parameter
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
CVE-2007-3535 EXPLOITDB text WORKING POC
GL-SH Deaf Forum < 6.4.4 - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
CVE-2007-3431 EXPLOITDB text WORKING POC
Valerio Capello Dagger - The Cutting Edge r23jan2007 - RCE
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
CVE-2006-6035 EXPLOITDB text WORKING POC
BLOG:CMS < 4.1.3 - Cross-Site Scripting via FADDR Parameter
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
CVE-2007-2736 EXPLOITDB text WORKING POC
Achievo 1.1.0 - Remote File Inclusion via config_atkroot Parameter
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2007-4726 EXPLOITDB perl WORKING POC
weboddity 0.09b - Path Traversal via URI
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.