Khashayar Fereidani

102 exploits Active since Sep 2007
CVE-2009-4960 EXPLOITDB text WRITEUP
Lanai Core 0.6 - Path Traversal via Download Module f Parameter
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-2008-6926 EXPLOITDB text WORKING POC
Fantastico De Luxe Module for cPanel - Path Traversal and Arbitrary File Execution via scriptpath_show Parameter
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
CVE-2008-6989 EXPLOITDB perl WORKING POC
ezphotogallery 2.1 - SQL Injection via gallery.php Username Parameter
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6988 EXPLOITDB perl WORKING POC
ezphotogallery 2.1 - Cross-Site Scripting via galleryid, size, or imageid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.
CVE-2008-6982 EXPLOITDB python WORKING POC
devalcms 1.4a - Cross-Site Scripting via currentpath Parameter
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
CVE-2008-4591 EXPLOITDB text WRITEUP
phpwebgallery 1.3.4 - Cross-Site Scripting via lang[access_forbiden] and lang[ident_title] Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
CVE-2008-1176 EXPLOITDB perl WORKING POC
Affiliate Market 0.1 BETA - Cross-Site Scripting via sideblock4 Parameter
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
CVE-2007-6124 EXPLOITDB perl WORKING POC
Softbiz Freelancers Script 1 - Stored Cross-Site Scripting via signin.php errmsg Parameter
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
CVE-2008-3720 EXPLOITDB text WORKING POC
DMCMS 0.7.4 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
CVE-2008-2081 EXPLOITDB text WRITEUP
Siteman 2.0.x2 - Authenticated Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2008-2072 EXPLOITDB text WRITEUP
Virtual Design Studio vlbook 1.21 - Cross-Site Scripting via l Parameter
Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.
CVE-2008-1650 EXPLOITDB python WORKING POC
EasyNews 4.0 - SQL Injection via read Parameter in edp_Help_Internal_News Action
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
CVE-2008-1649 EXPLOITDB python WORKING POC
EasyNews 4.0 - Cross-Site Scripting via Read Parameter in edp_pupublish Action
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
CVE-2008-0678 EXPLOITDB python WORKING POC
BlogPHP 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
CVE-2008-0676 EXPLOITDB perl WORKING POC
A-Blog 2 - Cross-Site Scripting via Search Words Parameter
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
CVE-2007-5679 EXPLOITDB text WORKING POC
DeeEmm.com DM CMS 0.7.0.Beta and 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
CVE-2009-3860 EXPLOITDB perl WORKING POC
COMRaider - File Creation/Overwrite
Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
CVE-2008-2073 EXPLOITDB text WRITEUP
vlbook 1.21 - Path Traversal via l Parameter
Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
CVE-2007-5998 EXPLOITDB text WORKING POC
Softbiz Ad Management plus Script 1 - SQL Injection
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
CVE-2008-2082 EXPLOITDB text WRITEUP
Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
CVE-2007-5996 EXPLOITDB text WRITEUP
Softbiz Link Directory Script - SQL Injection
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
CVE-2008-4080 EXPLOITDB text WRITEUP
Stash 1.0.3 - SQL Injection via Username or Download Parameter
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.
CVE-2007-5997 EXPLOITDB text WORKING POC
Softbiz Banner Exchange Network Script 1.0 - SQL Injection
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-5316 EXPLOITDB text WRITEUP
Softbiz Jobs and Recruitment Script - SQL Injection via browsecats.php cid Parameter
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-5999 EXPLOITDB text WRITEUP
Softbiz Auctions Script - SQL Injection
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.