NoGe

100 exploits Active since Oct 2007
CVE-2007-5310 EXPLOITDB text WORKING POC
webmaster-tips.net wmtportfolio 1.0 for Joomla! - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-5585 EXPLOITDB text WORKING POC
lcxBBportal 0.1 Alpha 2 - Remote Code Execution via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
CVE-2008-3446 EXPLOITDB text WORKING POC
LetterIt 2 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-5789 EXPLOITDB text WORKING POC
Joomla! Recly Interactive Feederator 1.0.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
EIP-2026-108529 EXPLOITDB text WORKING POC
Joomla! Component com_sebercart - 'getPic.php' Local File Disclosure
EIP-2026-108554 EXPLOITDB text WORKING POC
Joomla! Component com_spsnewsletter - Local File Inclusion
EIP-2026-108591 EXPLOITDB text WORKING POC
Joomla! Component com_webeecomment 2.0 - Local File Inclusion
EIP-2026-108592 EXPLOITDB text WORKING POC
Joomla! Component com_wgpicasa - Local File Inclusion
EIP-2026-108594 EXPLOITDB text WORKING POC
Joomla! Component com_wisroyq 1.1 - Local File Inclusion
EIP-2026-108618 EXPLOITDB text WORKING POC
Joomla! Component CV Maker 1.0 - Local File Inclusion
CVE-2008-6221 EXPLOITDB text WORKING POC
Dada Mail Manager 2.6 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
EIP-2026-108620 EXPLOITDB text WORKING POC
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion
CVE-2010-1955 EXPLOITDB text WORKING POC
Deluxe Blog Factory (com_blogfactory) 1.1.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108622 EXPLOITDB text WORKING POC
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion
EIP-2026-108626 EXPLOITDB text WORKING POC
Joomla! Component DM Orders - 'id' SQL Injection
CVE-2008-6482 EXPLOITDB text WORKING POC
Flash Tree Gallery (com_treeg) 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
EIP-2026-108650 EXPLOITDB text WORKING POC
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
CVE-2007-5407 EXPLOITDB text WORKING POC
JContentSubscription 1.5.8 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.
EIP-2026-108741 EXPLOITDB text WORKING POC
Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion
EIP-2026-108207 EXPLOITDB text WORKING POC
Joomla! Component Appointment 1.5 - Local File Inclusion
CVE-2010-1979 EXPLOITDB text WORKING POC
Affiliate Datafeeds (com_datafeeds) build 880 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1473 EXPLOITDB text WORKING POC
Joomla! com_advertising 0.25 - Path Traversal
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1471 EXPLOITDB text WORKING POC
Joomla! com_addressbook <1.5.0 - Path Traversal
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1656 EXPLOITDB perl WORKING POC
Airiny ABC 1.1.7 - SQL Injection via Sectionid Parameter
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
EIP-2026-108360 EXPLOITDB text WORKING POC
Joomla! Component com_google - Local File Inclusion