KiNgOfThEwOrLd

27 exploits Active since Oct 2007
CVE-2007-6398 EXPLOITDB text WORKING POC
Flat PHP Board < 1.2 - Unauthenticated Authentication Bypass via fpb_username Cookie
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
CVE-2007-6397 EXPLOITDB text WORKING POC
Flat PHP Board <1.2 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.
CVE-2007-6396 EXPLOITDB text WORKING POC
Flat PHP Board <1.2 - Code Injection
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
CVE-2007-6395 EXPLOITDB text WORKING POC
Flat PHP Board <1.2 - Info Disclosure
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
CVE-2007-5822 EXPLOITDB text WORKING POC
Ben Ng Scribe <0.2 - Code Injection
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.
CVE-2007-5773 EXPLOITDB text WRITEUP
Flatnuke 3 - Cross-Site Request Forgery via File Manager dir and ffile Parameters
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
CVE-2007-5771 EXPLOITDB text WORKING POC
Flatnuke 3 - Unauthenticated Privilege Escalation via myforum%00 Cookie
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
CVE-2007-6366 EXPLOITDB text WORKING POC
SineCMS < 2.3.4 - SQL Injection via Calendar and Guestbook Parameters
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
CVE-2008-0232 EXPLOITDB text WORKING POC
Zero CMS 1.0 Alpha - SQL Injection via id f or t Parameter
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.
CVE-2008-0233 EXPLOITDB text WORKING POC
Zero CMS 1.0 Alpha and earlier - Unauthenticated Arbitrary File Upload via Avatar Content-Type Bypass
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
CVE-2007-6160 EXPLOITDB text WRITEUP
Tilde CMS 4.x and earlier - Cross-Site Scripting via aarstal Parameter
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
CVE-2007-6159 EXPLOITDB text WORKING POC
Tilde CMS 4.x and earlier - SQL Injection via aarstal Parameter
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
CVE-2007-5802 EXPLOITDB text WRITEUP
Firewolf Technologies Synergiser <1.2 RC1 - Path Traversal
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
CVE-2007-6367 EXPLOITDB text WORKING POC
SineCMS < 2.3.4 - Cross-Site Scripting via Guestbook Username or Comment Field
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
CVE-2008-7163 EXPLOITDB text WORKING POC
SineCMS < 2.3.5 - Path Traversal via sine[config][index_main] Parameter
Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter.
CVE-2007-5802 EXPLOITDB text WRITEUP
Firewolf Technologies Synergiser <1.2 RC1 - Path Traversal
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
CVE-2007-5823 EXPLOITDB text WORKING POC
Ben Ng Scribe <0.2 - Path Traversal
Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action.
EIP-2026-110890 EXPLOITDB text WORKING POC
PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure
EIP-2026-110520 EXPLOITDB text WORKING POC
PBLang 4.99.17.q - Remote File Rewriting / Command Execution
CVE-2007-5688 EXPLOITDB text WORKING POC
Multi-Forums Module 1.3.3 for Invision Power Board and phpBB - SQL Injection via go or cat Parameter
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
CVE-2007-6399 EXPLOITDB text WORKING POC
Flat PHP Board <1.2 - Info Disclosure
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.
CVE-2007-6164 EXPLOITDB text WORKING POC
Eurologon CMS - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
CVE-2007-6185 EXPLOITDB text WORKING POC
Eurologon CMS - Path Traversal via File Parameter in Users/Files.php
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
EIP-2026-107131 EXPLOITDB text WORKING POC
Flatnuke3 File Manager Module - Unauthorized Access
CVE-2007-5772 EXPLOITDB text WORKING POC
Flatnuke 3 - Authenticated PHP Code Injection via Download Module Description
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.