MhZ91

29 exploits Active since Sep 2007
CVE-2007-6614 EXPLOITDB text WRITEUP
Agares Media phpAutoVideo <2.21 - RCE
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.
CVE-2007-6489 EXPLOITDB text WORKING POC
Falcon Series One CMS 1.4.3 - Cross-Site Scripting via Guestbook Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
CVE-2007-6488 EXPLOITDB text WORKING POC
Falcon Series One CMS 1.4.3 - Remote File Inclusion via dir[classes] or error Parameter
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
CVE-2007-6475 EXPLOITDB text WORKING POC
GF-3XPLORER 2.4 - Remote File Inclusion via Lang_sel Parameter
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
CVE-2007-6474 EXPLOITDB text WORKING POC
GF-3XPLORER 2.4 - Cross-Site Scripting via newdir Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
CVE-2007-6632 EXPLOITDB text WORKING POC
xml2owl 0.1.1 - Remote Code Execution via showCode.php Path Parameter
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
CVE-2007-4815 EXPLOITDB text WORKING POC
Markus Iser ED Engine 0.8999 alpha - Remote Code Execution via Codebase Parameter
Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
CVE-2007-6581 EXPLOITDB text WORKING POC
Social Engine 2.0 - Path Traversal via Global Lang Parameter
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.
CVE-2008-1123 EXPLOITDB text WRITEUP
SiteBuilder Elite 1.2 - Remote Code Execution via CarpPath Parameter
Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.
CVE-2008-0249 EXPLOITDB text WORKING POC
PHP Webquest 2.6 - Unauthenticated Database Credential Exposure via Direct Request to admin/backup_phpwebquest.php
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
CVE-2007-4809 EXPLOITDB text WORKING POC
Online Fantasy Football League 0.2.6 - Remote Code Execution via DOC_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.
CVE-2008-0803 EXPLOITDB text WRITEUP
LookStrike Lan Manager 0.9 - Remote Code Execution via sys_conf[path][real] Parameter
Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2007-6551 EXPLOITDB text WORKING POC
MailMachine Pro <2.2.6 - SQL Injection
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6344 EXPLOITDB text WRITEUP
Mcms Easy Web Make <1.3 - Path Traversal
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2007-6557 EXPLOITDB text WORKING POC
MeGaCheatZ 1.1 - SQL Injection via ItemID Parameter
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
CVE-2007-6639 EXPLOITDB text WORKING POC
IPTBB 0.5.4 - SQL Injection via id Parameter in viewdir Action
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
CVE-2007-6579 EXPLOITDB text WORKING POC
Ip Reg 0.3 - SQL Injection via vlan_id Parameter
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.
CVE-2008-0431 EXPLOITDB text WORKING POC
idmos_cms 1.0 - Unauthenticated Path Traversal via administrator/download.php fileName Parameter
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2008-0818 EXPLOITDB text WRITEUP
freePHPgallery 0.6 - Path Traversal via Lang Cookie
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
CVE-2007-6476 EXPLOITDB text WORKING POC
GF-3XPLORER 2.4 - Exposure of Sensitive Information via phpinfo.php
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
CVE-2007-6178 EXPLOITDB text WORKING POC
Easy Hosting Control Panel <0.22.8 - RCE
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
EIP-2026-107036 EXPLOITDB text WRITEUP
Falcon Series One 1.4.3 stable - Multiple Input Validation Vulnerabilities
CVE-2007-6490 EXPLOITDB text WORKING POC
Falcon Series One CMS 1.4.3 - Cross-Site Request Forgery via Password Change Action
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
CVE-2008-6064 EXPLOITDB text WORKING POC
DomPHP 0.81 - SQL Injection via Agenda Cat Parameter
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors.
CVE-2008-1313 EXPLOITDB text WORKING POC
Bloo < 1.0 - SQL Injection via post_id Parameter
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.