Omni

14 exploits, active since May 2006
CVE-2007-2304 EXPLOITDB text WRITEUP
Qdblog < 0.4 - Path Traversal
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.
CVE-2007-2007 EXPLOITDB text WRITEUP
pL-PHP beta 0.9 - Auth Bypass
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.
CVE-2007-2006 EXPLOITDB text WRITEUP
Pl-php < 0.9_beta - SQL Injection
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
CVE-2007-6233 EXPLOITDB text WRITEUP
FTP Admin 0.1.0 - Path Traversal
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2007-6232 EXPLOITDB text WRITEUP
FTP Admin 0.1.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
EIP-2026-115619 EXPLOITDB c WORKING POC
Mercur MailServer 5.0 SP3 - 'IMAP' Denial of Service
CVE-2006-2242 EXPLOITDB c WORKING POC
Acftp - Denial of Service
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
CVE-2007-2305 EXPLOITDB text WRITEUP
Qdblog < 0.4 - SQL Injection
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2007-2008 EXPLOITDB text WRITEUP
Pl-php - Path Traversal
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-2503 EXPLOITDB text WORKING POC
PHP Turbulence 0.0.1 alpha - Path Traversal
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.
CVE-2008-0632 EXPLOITDB text WRITEUP
Lightblog - Access Control
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
CVE-2007-1434 EXPLOITDB text WRITEUP
Grayscale Blog < 0.8.0 - SQL Injection
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
CVE-2007-6234 EXPLOITDB text WRITEUP
FTP Admin 0.1.0 - Auth Bypass
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
EIP-2026-106780 EXPLOITDB text WRITEUP
eForum 0.4 - 'busca.php' Multiple Cross-Site Scripting Vulnerabilities