Osirys

66 exploits Active since May 2006
CVE-2009-0610 EXPLOITDB perl WORKING POC
Simple PHP News 1.0 final - Code Injection
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-10009 EXPLOITDB HIGH text WRITEUP
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
CVE-2009-1314 EXPLOITDB text WORKING POC
Web File Explorer 3.1 - Remote Code Execution via File Parameter in savefile Action
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
CVE-2009-0251 EXPLOITDB perl WORKING POC
Ryneezy phoSheezy 0.2 - Code Injection
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.
CVE-2009-0250 EXPLOITDB perl WORKING POC
Ryneezy phoSheezy 0.2 - Info Disclosure
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
CVE-2008-6772 EXPLOITDB text WORKING POC
YourPlace <= 1.0.2 - Unauthenticated Account Takeover via Username Collision
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.
CVE-2008-6771 EXPLOITDB text WORKING POC
YourPlace <= 1.0.2 - Information Disclosure via phpinfo.php Direct Request
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
CVE-2008-6770 EXPLOITDB text WORKING POC
YourPlace <= 1.0.2 - Unauthenticated Sensitive Information Exposure via Direct Request
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt.
CVE-2008-6769 EXPLOITDB text WORKING POC
YourPlace <= 1.0.2 - Authenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2009-1508 EXPLOITDB perl WORKING POC
X-Forum 0.6.2 - SQL Injection via cookie_username Parameter
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
CVE-2008-6901 EXPLOITDB text WRITEUP
2532gigs 1.2.2 - Remote File Inclusion via Language Parameter
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585.
CVE-2008-6312 EXPLOITDB text WRITEUP
ProQuiz 1.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6311 EXPLOITDB text WORKING POC
Butterfly Organizer 2.0.1 - SQL Injection via mytable Parameter
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
CVE-2008-5764 EXPLOITDB text WRITEUP
WorkSimple 1.2.1 - Remote Code Execution via Lang Parameter
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2008-5762 EXPLOITDB text WRITEUP
Simple Text-File Login Script 1.0.6 - Info Disclosure
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
CVE-2008-5333 EXPLOITDB text WRITEUP
NitroTech 0.0.3a - SQL Injection via members.php id Parameter
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5854 EXPLOITDB text WRITEUP
myPHPscripts Login Session 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.
CVE-2007-1152 EXPLOITDB perl WORKING POC
Pyrophobia 2.1.3.1 - Path Traversal
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2006-2268 EXPLOITDB text WORKING POC
FlexCustomer <= 0.0.6 - SQL Injection via checkuser/checkpass or username/password Parameters
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
CVE-2011-10009 METASPLOIT HIGH ruby WORKING POC
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
CVE-2008-6773 EXPLOITDB text WORKING POC
YourPlace <= 1.0.2 - Authenticated Static Code Injection via Internet Toolbar Parameters
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.
CVE-2008-5220 EXPLOITDB perl WORKING POC
wportfolio < 0.3 - Unauthenticated Arbitrary File Upload via admin/upload_form.php
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
CVE-2009-1512 EXPLOITDB perl WORKING POC
X-Forum 0.6.2 - Authenticated PHP Code Injection via adminEMail Parameter
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
CVE-2008-5765 EXPLOITDB text WRITEUP
WorkSimple 1.2.1 - Unauthenticated Sensitive Information Exposure via Direct Request
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
CVE-2009-1323 EXPLOITDB text WORKING POC
Web File Explorer 3.1 - SQL Injection via id Parameter
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.