Raz0r

15 exploits Active since Sep 2007
CVE-2008-3591 EXPLOITDB php WORKING POC
Twentyone Degrees Symphony <1.7.01 - SQL Injection
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
CVE-2007-5231 EXPLOITDB php WORKING POC
Zomplog <= 3.8.1 - Authenticated Arbitrary File Upload via admin/upload_files.php
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230.
CVE-2007-5230 EXPLOITDB php WORKING POC
Zomplog <= 3.8.1 - Unauthenticated Administrative Action Execution via Direct Request
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
CVE-2007-5643 EXPLOITDB php WORKING POC
Lussumo Vanilla < 1.1.3 - SQL Injection via CategoryID Parameter
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
CVE-2007-4932 EXPLOITDB php WORKING POC
Shop-Script < 2.0 - Unauthenticated Admin Panel Access via Improper Redirect Handling
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.
CVE-2007-5278 EXPLOITDB php WORKING POC
zomplog <= 3.8.1 - Unauthenticated Sensitive Information Exposure via Upload Directory
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
CVE-2009-2852 EXPLOITDB text WORKING POC
WP-Syntax < 0.9.1 - Remote Code Execution via test_filter[wp_head] Parameter
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
CVE-2007-5644 EXPLOITDB php WORKING POC
Lussumo Vanilla < 1.1.3 - Unauthenticated Unauthorized Sort Operations
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
CVE-2008-6971 EXPLOITDB php WORKING POC
Simplemachines Smf - Credentials Management
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
CVE-2008-3592 EXPLOITDB php WORKING POC
Twentyone Degrees Symphony <1.7.01 - RCE
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
CVE-2007-4933 EXPLOITDB php WORKING POC
Shop-Script FREE <= 2.0 - Remote Code Execution via Appearance Configuration Parameters
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.
CVE-2007-6202 EXPLOITDB php WORKING POC
Neocrome Seditio CMS <121 - SQL Injection
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.
CVE-2008-2396 EXPLOITDB text WORKING POC
microSSys CMS < 1.5 - Remote Code Execution via PAGES Array Parameter
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.
CVE-2008-1513 EXPLOITDB php WORKING POC
Danneo CMS < 0.5.1 - SQL Injection via HTTP Referer Header
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
EIP-2026-104720 EXPLOITDB php WORKING POC
Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution