Mark Stanislav

18 exploits | Active since Nov 2010
CVE-2012-1671 EXPLOITDB text WORKING POC
Nicolas Tormo Phppaleo < 4.8b155 - Path Traversal
Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2012-1669 EXPLOITDB text WORKING POC
Phpmoneybooks < 1.0.2 - Path Traversal
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2010-4006 EXPLOITDB text WORKING POC
WSN Links - SQL Injection
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
CVE-2012-5469 EXPLOITDB text WRITEUP
Portable phpMyAdmin <1.3.1 - Auth Bypass
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
CVE-2011-1099 EXPLOITDB text WORKING POC
Focalmedia.net Quick Polls < 1.0.1 - Path Traversal
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
CVE-2010-4331 EXPLOITDB text WRITEUP
Seopanel - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
CVE-2010-4332 EXPLOITDB text WORKING POC
Pangramsoft Pointter Php Content Mana... - Authentication Bypass
Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2010-4333 EXPLOITDB text WORKING POC
Pangramsoft Pointter Php Micro-bloggi... - Authentication Bypass
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2010-4330 EXPLOITDB text WORKING POC
Pulsecms Pulse Cms < 1.2.8 - Path Traversal
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
CVE-2012-5386 EXPLOITDB text WORKING POC
phpPaleo 4.8b180 - Path Traversal
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-6665 EXPLOITDB text WORKING POC
Phpmoneybooks - Path Traversal
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2012-1670 EXPLOITDB text WORKING POC
Phpgradebook Php Grade Book < 1.9.4 - Information Disclosure
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
CVE-2010-4313 EXPLOITDB text WORKING POC
Novo-ws Orbis Cms - Unrestricted File Upload
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/.
CVE-2012-1672 EXPLOITDB text WORKING POC
Useasdf 4444 Hotel Booking Portal - SQL Injection
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter.
CVE-2010-4298 EXPLOITDB text WORKING POC
Dustincowell Free Simple Software - SQL Injection
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
CVE-2012-1673 EXPLOITDB text WRITEUP
OLA Lasisi E-ticketing - SQL Injection
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2011-1546 EXPLOITDB text WORKING POC
Andy's PHP Knowledgebase <0.95.3 - SQL Injection
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
CVE-2013-6236 EXPLOITDB CRITICAL text WRITEUP
Izoncam Izon IP Firmware - Hard-coded Credentials
IZON IP 2.0.2: hard-coded password vulnerability
CVSS 9.8