Khashayar Fereidani

102 exploits, active since Sep 2007
CVE-2008-3347 EXPLOITDB perl WORKING POC
MyioSoft EasyDynamicPages <3.0 - SQL Injection
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
CVE-2008-6990 EXPLOITDB perl WORKING POC
Ezphotogallery - SQL Injection
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0856 EXPLOITDB text WORKING POC
E-vision Cms - SQL Injection
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6983 EXPLOITDB python WORKING POC
Devalcms - Code Injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
CVE-2008-3721 EXPLOITDB text WORKING POC
DeeEmm CMS <0.7.4 - RCE
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2008-3415 EXPLOITDB text WRITEUP
CMScout 2.05 - Path Traversal
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
CVE-2008-6927 EXPLOITDB text WORKING POC
Cpanel - XSS
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
CVE-2008-0679 EXPLOITDB python WORKING POC
Blogphp - XSS
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-3556 EXPLOITDB text WORKING POC
Battle.net Clan Script 1.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
CVE-2008-3368 EXPLOITDB text WRITEUP
ATutor <1.6.1 pl1 - RCE
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
EIP-2026-105366 EXPLOITDB python WORKING POC
BaBB 2.8 - Remote Code Injection
CVE-2008-5787 EXPLOITDB text WRITEUP
Arab Portal 2.1 - Path Traversal
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
CVE-2008-2076 EXPLOITDB text WRITEUP
Actualscripts Actualanalyzer Lite - Path Traversal
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
CVE-2008-1177 EXPLOITDB perl WORKING POC
Affiliate Market 0.1 BETA - SQL Injection
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0677 EXPLOITDB perl WORKING POC
A-blog - SQL Injection
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
CVE-2008-3569 EXPLOITDB text WORKING POC
XAMPP 1.6.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
EIP-2026-101589 EXPLOITDB html WORKING POC
Cisco Linksys WAG120N - Cross-Site Request Forgery
EIP-2026-101323 EXPLOITDB python WORKING POC
iphone folders 2.5 - Directory Traversal
EIP-2026-101329 EXPLOITDB python WORKING POC
iphone/ipad phone drive 1.1.1 - Directory Traversal
EIP-2026-101328 EXPLOITDB text WORKING POC
iphone pdf reader pro 2.3 - Directory Traversal
EIP-2026-101327 EXPLOITDB python WORKING POC
iphone mydocs 2.7 - Directory Traversal
EIP-2026-101325 EXPLOITDB python WORKING POC
iphone ifile 2.0 - Directory Traversal
EIP-2026-101324 EXPLOITDB text WORKING POC
iPhone Guitar - Directory Traversal
EIP-2026-101326 EXPLOITDB text WORKING POC
iphone ishred 1.93 - Directory Traversal