Michael Brooks

41 exploits, active since Nov 2004
EIP-2026-110247 EXPLOITDB text WORKING POC
openauto 1.6.3 - Multiple Vulnerabilities
CVE-2007-6485 EXPLOITDB text WRITEUP
Centreon 1.4.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
EIP-2026-110279 EXPLOITDB php WORKING POC
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage
CVE-2007-0134 EXPLOITDB text WORKING POC
iGeneric iG Shop - Code Injection
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
CVE-2007-0130 EXPLOITDB text WORKING POC
iGeneric iG Calendar - SQL Injection
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6781 EXPLOITDB php WORKING POC
HLstats <1.34 - Info Disclosure
HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
EIP-2026-107391 EXPLOITDB text WRITEUP
Getsimple CMS 2.01 < 2.02 - Administrative Credentials Disclosure
EIP-2026-106164 EXPLOITDB text WORKING POC
Coppermine Photo Gallery 1.4.19 - Remote File Upload
CVE-2007-6459 EXPLOITDB text WORKING POC
Anon Proxy Server 0.100-0.101 - Command Injection
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
CVE-2007-6458 EXPLOITDB text WORKING POC
123tkShop 0.9.1 - SQL Injection
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
CVE-2011-5025 EXPLOITDB text WORKING POC
Yaws - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
CVE-2011-0063 EXPLOITDB text WORKING POC
Majordomo <20110203 - Path Traversal
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
CVE-2009-1759 EXPLOITDB python WORKING POC
Rahul Dtorrent - Memory Corruption
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
EIP-2026-101500 EXPLOITDB text WORKING POC
Zoom VoIP Phone Adapter ATA1+1 1.2.5 - Cross-Site Request Forgery
CVE-2008-6975 EXPLOITDB html WORKING POC
DD-WRT - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.
EIP-2026-101248 EXPLOITDB text WORKING POC
D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite