Silentz

29 exploits Active since May 2007
CVE-2007-2599 EXPLOITDB perl WORKING POC
TutorialCMS < 1.00 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
CVE-2007-3312 EXPLOITDB php WORKING POC
Jasmine CMS 1.0 - Authenticated Directory Traversal via u Parameter
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
CVE-2007-2901 EXPLOITDB perl WORKING POC
Dokeos < 1.8.0 - Cross-Site Scripting via ImageManager img Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
CVE-2007-3234 EXPLOITDB perl WORKING POC
Fuzzylime Forum 1.0 - SQL Injection via Topic Parameter
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2007-3214 EXPLOITDB php WORKING POC
e-vision_cms < 2.02 - SQL Injection via Template Parameter
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
CVE-2007-6666 EXPLOITDB perl WORKING POC
Zenphoto 1.1-1.1.3 - SQL Injection via rss.php albumnr Parameter
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
CVE-2007-2822 EXPLOITDB text WRITEUP
TutorialCMS <= 1.01 - Authentication Bypass via loggedIn and activated Parameters
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
CVE-2007-2600 EXPLOITDB perl WORKING POC
TutorialCMS < 1.00 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
CVE-2007-2622 EXPLOITDB perl WORKING POC
TaskDriver < 1.2 - SQL Injection via Username or Taskid Parameter
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.
CVE-2007-2750 EXPLOITDB perl WORKING POC
SimpNews < 2.40.01 - SQL Injection via print.php newsnr Parameter
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
CVE-2007-2598 EXPLOITDB perl WORKING POC
SimpleNews 1.0.0 FINAL - SQL Injection
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2007-3082 EXPLOITDB php WORKING POC
sendcard < 3.4.1 - Directory Traversal via sc_language Parameter
Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.
CVE-2008-0358 EXPLOITDB php WORKING POC
Pixelpost 1.7 - SQL Injection via parent_id Parameter
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
EIP-2026-110581 EXPLOITDB php WORKING POC
Pheap 2.0 - 'config.php' Pheap_Login Authentication Bypass
CVE-2007-3065 EXPLOITDB php WORKING POC
Particle Soft Particle Gallery <= 1.0.1 - SQL Injection via viewimage.php editcomment Parameter
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.
CVE-2007-3096 EXPLOITDB php WORKING POC
PBLang < 4.67.16.a - Directory Traversal via Lang Parameter
Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-2985 EXPLOITDB php WORKING POC
Pheap 2.0 - Unauthenticated Authentication Bypass via pheap_login Cookie
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
CVE-2008-0382 EXPLOITDB php WORKING POC
Mybulletinboard - Code Injection
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
CVE-2007-2942 EXPLOITDB perl WORKING POC
My Little Forum <1.7 - SQL Injection
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4781 EXPLOITDB php WORKING POC
Joomla! 1.5 Beta1-1.5 RC1 - Authenticated Arbitrary File Upload via Installer Component
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
CVE-2007-3313 EXPLOITDB php WORKING POC
Jasmine CMS 1.0 - SQL Injection via Login Username or News Item Parameter
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
CVE-2007-3235 EXPLOITDB perl WORKING POC
Fuzzylime Forum 1.0 - Cross-Site Scripting via Topic Parameter
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
CVE-2007-2971 EXPLOITDB php WORKING POC
gCards < 1.46 - SQL Injection via NewsID Parameter
SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2007-2749 EXPLOITDB perl WORKING POC
faqengine < 4.16.03 - SQL Injection via questionref Parameter
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
CVE-2007-3077 EXPLOITDB python WORKING POC
eqdkp < 1.3.2 - SQL Injection via Rank Parameter
SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.