Khashayar Fereidani

102 exploits. Active since Sep 2007.
CVE-2007-6125 EXPLOITDB perl WORKING POC
Softbiz Freelancers Script - SQL Injection
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
CVE-2007-5997 EXPLOITDB text WORKING POC
Softbiz Banner Exchange Network Script 1.0 - SQL Injection
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-5316 EXPLOITDB text WRITEUP
Softbizscripts Softbiz Jobs And Recruitment Script - SQL Injection
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-5122 EXPLOITDB text WRITEUP
Softbizscripts Classifieds Plus Script - SQL Injection
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5999 EXPLOITDB text WRITEUP
Softbiz Auctions Script - SQL Injection
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111723 EXPLOITDB text WORKING POC
recordpress 0.3.1 - Multiple Vulnerabilities
EIP-2026-111842 EXPLOITDB text WORKING POC
Ruubikcms 1.0.3 - 'head.php' Cross-Site Scripting
EIP-2026-111844 EXPLOITDB text WORKING POC
Ruubikcms 1.0.3 - Multiple Vulnerabilities
CVE-2008-3574 EXPLOITDB text WRITEUP
Pluck 4.5.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the (12) pluck_version and (13) titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
CVE-2008-4072 EXPLOITDB perl WORKING POC
Phsdev Phsblog - SQL Injection
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.
CVE-2008-4702 EXPLOITDB text WRITEUP
Phpwebgallery - Path Traversal
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php.
CVE-2008-0353 EXPLOITDB text WRITEUP
Php-residence - SQL Injection
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3541 EXPLOITDB text WRITEUP
Phpgenealogy - Code Injection
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
CVE-2009-0831 EXPLOITDB text WRITEUP
PHP-Fusion 1.0 - Members CV (job) module - SQL Injection
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-5733 EXPLOITDB text WORKING POC
Team Impact TI Blog System - SQL Injection
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0832 EXPLOITDB text WRITEUP
PHP-Fusion E-Cart 1.3 - SQL Injection
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.
EIP-2026-110821 EXPLOITDB text WRITEUP
PHP-Fusion Mod vArcade 1.8 - 'comment_id' SQL Injection
CVE-2009-3543 EXPLOITDB text WRITEUP
Phenotype-cms Phenotype Cms < 2.8 - SQL Injection
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
EIP-2026-110640 EXPLOITDB text WRITEUP
PHP AdminPanel Free 1.0.5 - Remote File Disclosure
CVE-2008-3405 EXPLOITDB text WRITEUP
nzFotolog 0.4.1 - Path Traversal
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
CVE-2008-4423 EXPLOITDB text WORKING POC
Ovidentia - SQL Injection
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
CVE-2008-0796 EXPLOITDB text WORKING POC
Nuboard - SQL Injection
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
CVE-2008-6517 EXPLOITDB text WORKING POC
Nick Jenkin Newshowler - SQL Injection
SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter.
CVE-2008-1639 EXPLOITDB perl WORKING POC
Neat Weblog 0.2 - SQL Injection
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
EIP-2026-109646 EXPLOITDB python WORKING POC
mUnky 0.01 - 'index.php' Remote Code Execution
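Most of the SQL injection entries above share one pattern: a PHP script drops a request parameter (id, cid, ssid, articleId, sortby, a cookie value) straight into a query string. The block below is an added, language-neutral illustration of that pattern and its fix; it is not code from any of the listed scripts or from this author. It uses an in-memory SQLite table constructed for the demo, a hypothetical products table, and a simplified addslashes() to show why the magic_quotes_gpc caveat in the PHP-Fusion Members CV entry matters: escaping quotes does nothing for a parameter used in a numeric context.

```python
import sqlite3

# Constructed sample data: a hypothetical "products" table with one row the
# attacker should not be able to see.
SAMPLE_ROWS = [(1, "widget", 9.5), (2, "gadget", 19.0), (3, "unlisted-sku", 0.0)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    db.commit()
    return db


def lookup_vulnerable(db, params):
    # Mirrors the PHP anti-pattern:  $sql = "SELECT ... WHERE id = $_GET[id]";
    # The value is interpolated into the statement, so it can change its structure.
    sql = f"SELECT id, name FROM products WHERE id = {params['id']}"
    return db.execute(sql).fetchall()


def addslashes(s):
    # Simplified stand-in for PHP's addslashes()/magic_quotes_gpc: backslash-escape
    # quotes and backslashes. Assumption for the demo, not PHP's exact routine.
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def lookup_escaped(db, params):
    # "Protected" by escaping alone. A numeric context needs no quotes, so a
    # payload such as  2 OR 1=1  passes through untouched and still injects.
    sql = f"SELECT id, name FROM products WHERE id = {addslashes(params['id'])}"
    return db.execute(sql).fetchall()


def lookup_safe(db, params):
    # Hardened form: validate the type, then bind the value as a parameter so the
    # database driver never treats it as SQL text.
    raw = params.get("id", "")
    if not raw.isdigit():
        raise ValueError("id must be a non-negative integer")
    return db.execute("SELECT id, name FROM products WHERE id = ?", (int(raw),)).fetchall()


def demo():
    db = make_db()
    results = {
        "normal": lookup_vulnerable(db, {"id": "2"}),
        # Tautology: the WHERE clause is always true, every row comes back.
        "tautology": lookup_vulnerable(db, {"id": "2 OR 1=1"}),
        # UNION: read the schema out of sqlite_master through the same query.
        "union": lookup_vulnerable(db, {"id": "0 UNION SELECT 1, sql FROM sqlite_master"}),
        # Escaping does not help when the parameter is not inside quotes.
        "escaped_bypass": lookup_escaped(db, {"id": "2 OR 1=1"}),
        "safe": lookup_safe(db, {"id": "2"}),
    }
    try:
        lookup_safe(db, {"id": "2 OR 1=1"})
        results["safe_rejected"] = False
    except ValueError:
        results["safe_rejected"] = True
    return results


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The three vulnerable variants differ only in what the caller sees back; the union payload is the one that turns "execute arbitrary SQL commands" into data disclosure, and the escaped variant is why "when magic_quotes_gpc is disabled" in a CVE text should not be read as "safe when enabled".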