Psiczn

9 exploits Active since Feb 2008
CVE-2008-0650 EXPLOITDB text WRITEUP
Simple OS CMS 0.1c beta - SQL Injection via Username Field
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0645 EXPLOITDB text WRITEUP
Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0645 EXPLOITDB text WRITEUP
Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0645 EXPLOITDB text WRITEUP
Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0645 EXPLOITDB text WRITEUP
Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106561 EXPLOITDB text WORKING POC
Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusions
CVE-2008-0651 EXPLOITDB text WRITEUP
Pedro Santana Codice CMS - SQL Injection via Login Username Field
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0700 EXPLOITDB text WORKING POC
CruxCMS 3.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0749 EXPLOITDB text WORKING POC
Calimero.CMS 3.3 - Cross-Site Scripting via id Parameter in calimero_webpage Action
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.