Nico Leidecker

4 exploits Active since Feb 2008
EIP-2026-110468 EXPLOITDB text WRITEUP
Papoo 1.0.3 - 'Plugin.php' Authentication Bypass
CVE-2009-3040 EXPLOITDB text WORKING POC
OCS Inventory NG 1.02 - SQL Injection via download.php Parameters or group_show.php SYSTEMID
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
CVE-2009-2166 EXPLOITDB text WORKING POC
OCS Inventory NG <1.02.1 (Unix) - Path Traversal
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
CVE-2008-0026 EXPLOITDB text WORKING POC
Cisco Unified Communications Manager SQL Injection via Key Parameter
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.