Nine:Situations:Group::bookoo

17 exploits Active since Jul 2008
CVE-2009-1281 EXPLOITDB php WORKING POC
Glfusion < 1.1.2 - XSS
Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1677 EXPLOITDB php WORKING POC
Bitweaver < 2.6 - Code Injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
CVE-2009-1669 EXPLOITDB php WORKING POC
Smarty - Improper Input Validation
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
CVE-2009-1282 EXPLOITDB php WORKING POC
Glfusion < 1.1.2 - SQL Injection
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
CVE-2009-3804 EXPLOITDB php WORKING POC
Runcms - SQL Injection
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
EIP-2026-111837 EXPLOITDB text WORKING POC
RunCMS 2ma - 'post.php' SQL Injection
CVE-2009-3804 EXPLOITDB text WORKING POC
Runcms - SQL Injection
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
CVE-2008-3128 EXPLOITDB php WORKING POC
Pivot <1.40.5 - Path Traversal
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
EIP-2026-111352 EXPLOITDB php WORKING POC
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption
EIP-2026-111083 EXPLOITDB text WORKING POC
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
EIP-2026-111082 EXPLOITDB text WORKING POC
PHPizabi 0.8 - 'notepad_body' SQL Injection
CVE-2009-1283 EXPLOITDB php WORKING POC
Glfusion < 1.1.2 - Cryptographic Issue
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
EIP-2026-107369 EXPLOITDB php WORKING POC
Geeklog 1.5.2 - 'usersettings.php' SQL Injection
EIP-2026-107368 EXPLOITDB php WORKING POC
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
EIP-2026-107367 EXPLOITDB php WORKING POC
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
CVE-2009-4796 EXPLOITDB php WORKING POC
glFusion <1.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
CVE-2009-1678 EXPLOITDB php WORKING POC
Bitweaver < 2.6 - Path Traversal
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.