Kenneth F. Belva

6 exploits, active since Jul 2005
CVE-2005-2192 EXPLOITDB perl WORKING POC
SimplePHPBlog 0.4.0 - Info Disclosure
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
CVE-2005-2733 EXPLOITDB perl WORKING POC
Simple PHP Blog - RCE
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2005-2787 EXPLOITDB perl WORKING POC
Simple PHP Blog - File Deletion
comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.
CVE-2014-6619 EXPLOITDB text WORKING POC
Restaurant Script PizzaInn_Project 1.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
EIP-2026-110636 EXPLOITDB text WORKING POC
PHP Address Book - 'group' Cross-Site Scripting
CVE-2006-2531 EXPLOITDB text WORKING POC
Ipswitch WhatsUp Professional 2006 - Auth Bypass
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting the HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".