Michael Brooks

41 exploits Active since Nov 2004
CVE-2007-0133 EXPLOITDB WORKING POC
iGeneric iG Shop < 1.4 - SQL Injection via id or user_login_cookie Parameter
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
CVE-2008-6974 EXPLOITDB html WORKING POC
DD-WRT < 24 - Cross-Site Request Forgery via apply.cgi Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.
CVE-2009-0467 EXPLOITDB text WORKING POC
Profense Web App Firewall <2.6.3 - XSS
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
CVE-2011-0049 EXPLOITDB text WORKING POC
Majordomo <20110131 - Path Traversal
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
CVE-2008-6498 EXPLOITDB text WORKING POC
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
CVE-2007-0132 EXPLOITDB text WORKING POC
iGeneric iG Shop 1.4 - SQL Injection via compare_product.php id Parameter
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6780 EXPLOITDB php WORKING POC
hlstats 1.20-1.34 - SQL Injection via Login Form killLimit Parameter
SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
CVE-2008-6499 EXPLOITDB text WORKING POC
XAMPP 1.6.8 - Remote Code Execution via SERVER Superglobal Variable Spoofing
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
CVE-2009-0389 EXPLOITDB html WORKING POC
Web On Windows ActiveX 2 - Arbitrary File Write and Code Execution via WriteIniFileString and ShellExecute Methods
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
CVE-2009-0468 EXPLOITDB text WORKING POC
Profense Web Application Firewall 2.6.2-2.6.3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
EIP-2026-118758 EXPLOITDB text WORKING POC
ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting
EIP-2026-114513 EXPLOITDB text WORKING POC
Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
EIP-2026-113499 EXPLOITDB text WRITEUP
WordPress Core 2.3.1 - Unauthorized Post Access
EIP-2026-112882 EXPLOITDB php WORKING POC
Ultimate PHP Board 1.96 GOLD - Multiple Vulnerabilities
CVE-2008-6585 EXPLOITDB html WORKING POC
Torrentflux - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
CVE-2007-5646 EXPLOITDB perl WORKING POC
Simple Machines Forum 1.1.3 - SQL Injection via Userspec Parameter
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
EIP-2026-112253 EXPLOITDB text SUSPICIOUS
SMF 1.1.4 - Audio CAPTCHA Security Bypass
EIP-2026-112085 EXPLOITDB text WORKING POC
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
EIP-2026-111233 EXPLOITDB text WRITEUP
phpvidz 0.9.5 - Administrative Credentials Disclosure
EIP-2026-111333 EXPLOITDB text WORKING POC
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting
EIP-2026-111344 EXPLOITDB text WORKING POC
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
CVE-2007-6471 EXPLOITDB text WORKING POC
phpay 2.02.01 - Path Traversal via Config Parameter
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
CVE-2007-6470 EXPLOITDB text WRITEUP
phpRPG 0.8 - Session Hijacking via Insecure Session File Storage
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
CVE-2008-5621 EXPLOITDB text WORKING POC
phpMyAdmin 2.11.x-2.11.9.3 and 3.x-3.1.0.9 - Cross-Site Request Forgery via tbl_structure.php
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
CVE-2004-1315 EXPLOITDB php WORKING POC
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.