Ryan Dewhurst

8 exploits Active since Aug 2009
CVE-2018-15495 WRITEUP HIGH WRITEUP
Responsive FileManager < 9.13.3 - Path Traversal and Server-Side Request Forgery via URL Parameter
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVSS 7.5
CVE-2015-2292 EXPLOITDB text WORKING POC
WordPress SEO by Yoast < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 - SQL Injection via order_by or order
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2013-5748 EXPLOITDB text WORKING POC
simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
CVE-2009-2579 EXPLOITDB text WORKING POC
CS-Cart < 2.0.6 - Authenticated SQL Injection via Reward Points sort_order Parameter
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
EIP-2026-106128 EXPLOITDB text WRITEUP
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
CVE-2009-2733 EXPLOITDB text WRITEUP
Achievo < 1.4.0 - Cross-Site Scripting via Scheduler Title and Contract Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
CVE-2009-2733 EXPLOITDB text WORKING POC
Achievo < 1.4.0 - Cross-Site Scripting via Scheduler Title and Contract Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
CVE-2009-2734 EXPLOITDB text WRITEUP
Achievo < 1.4.0 - SQL Injection via Userid Parameter
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.