OoN_Boy

50 exploits, active since Apr 2009
CVE-2009-3348 EXPLOITDB text WORKING POC
Datavore Gyro - XSS
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
CVE-2010-5040 EXPLOITDB text WORKING POC
Nucleus NP_Gallery <0.94 - RCE
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
Joomla! <1.5.5 - SQL Injection
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
EIP-2026-112970 EXPLOITDB text WRITEUP
Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection
EIP-2026-112969 EXPLOITDB text WRITEUP
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection
CVE-2009-3496 EXPLOITDB text WRITEUP
Vastal Dvd Zone - XSS
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
CVE-2009-3495 EXPLOITDB text WRITEUP
Vastal Dvd Zone - SQL Injection
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
CVE-2009-1411 EXPLOITDB text WORKING POC
Neocrome Seditio - SQL Injection
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.
EIP-2026-110670 EXPLOITDB text WRITEUP
PHP Classifieds Rental Script - Blind SQL Injection
CVE-2009-1621 EXPLOITDB text WORKING POC
Opencart - Path Traversal
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
CVE-2010-2314 EXPLOITDB text WORKING POC
Edmondhui.homeip NP Twitter - Code Injection
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery 0.94 - SQL Injection
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2010-1715 EXPLOITDB text WORKING POC
Pucit.edu Com Onlineexam - Path Traversal
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1722 EXPLOITDB text WORKING POC
Dev.pucit.edu.pk Com Market - Path Traversal
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1659 EXPLOITDB text WORKING POC
Webkul Com Ultimateportfolio - Path Traversal
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108939 EXPLOITDB text WRITEUP
Just Dial Clone Script - 'fid' SQL Injection
CVE-2010-1469 EXPLOITDB text WORKING POC
Joomla! com_jprojectmanager 1.0 - Path Traversal
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108747 EXPLOITDB text WORKING POC
Joomla! Component JoomMail 1.0 - Local File Inclusion
EIP-2026-108784 EXPLOITDB text WORKING POC
Joomla! Component Memory Book 1.2 - Local File Inclusion
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion
EIP-2026-108620 EXPLOITDB text WORKING POC
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion
CVE-2010-1656 EXPLOITDB perl WORKING POC
Airiny Com Abc - SQL Injection
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
CVE-2010-1471 EXPLOITDB text WORKING POC
Joomla! com_addressbook <1.5.0 - Path Traversal
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1473 EXPLOITDB text WORKING POC
Joomla! com_advertising 0.25 - Path Traversal
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.