OoN_Boy

50 exploits, active since Apr 2009
CVE-2009-3348 EXPLOITDB text WORKING POC
Datavore Gyro 5.0 - Cross-Site Scripting via Home Component cid Parameter
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
CVE-2010-5040 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
com_awdwall < 1.5.4 - SQL Injection via cbuser Parameter
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
EIP-2026-112970 EXPLOITDB text WRITEUP
Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection
EIP-2026-112969 EXPLOITDB text WRITEUP
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection
CVE-2009-3496 EXPLOITDB text WRITEUP
Vastal I-Tech DVD Zone - Cross-Site Scripting via view_mag.php mag_id Parameter
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
CVE-2009-3495 EXPLOITDB text WRITEUP
Vastal I-Tech DVD Zone - SQL Injection via view_mag.php mag_id Parameter
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
CVE-2009-1411 EXPLOITDB text WORKING POC
Seditio CMS 1.0 - SQL Injection via Events Plugin c Parameter
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.
EIP-2026-110670 EXPLOITDB text WRITEUP
PHP Classifieds Rental Script - Blind SQL Injection
CVE-2009-1621 EXPLOITDB text WORKING POC
OpenCart 1.1.8 - Path Traversal via Route Parameter
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
CVE-2010-2314 EXPLOITDB text WORKING POC
NP_Twitter Plugin 0.8-0.9 - Remote Code Execution via DIR_PLUGINS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2010-1715 EXPLOITDB text WORKING POC
com_onlineexam 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1722 EXPLOITDB text WORKING POC
com_market 2.x - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1659 EXPLOITDB text WORKING POC
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108939 EXPLOITDB text WRITEUP
Just Dial Clone Script - 'fid' SQL Injection
CVE-2010-1469 EXPLOITDB text WORKING POC
Joomla! com_jprojectmanager 1.0 - Path Traversal
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108747 EXPLOITDB text WORKING POC
Joomla! Component JoomMail 1.0 - Local File Inclusion
EIP-2026-108784 EXPLOITDB text WORKING POC
Joomla! Component Memory Book 1.2 - Local File Inclusion
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion
EIP-2026-108620 EXPLOITDB text WORKING POC
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion
CVE-2010-1656 EXPLOITDB perl WORKING POC
Airiny ABC 1.1.7 - SQL Injection via Sectionid Parameter
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
CVE-2010-1471 EXPLOITDB text WORKING POC
Joomla! com_addressbook <1.5.0 - Path Traversal
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1473 EXPLOITDB text WORKING POC
Joomla! com_advertising 0.25 - Path Traversal
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.