Simo Ben Youssef

12 exploits Active since Aug 2006
CVE-2015-9499 WRITEUP CRITICAL WORKING POC
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
CVSS 9.8
CVE-2006-4921 EXPLOITDB perl WORKING POC
Site@School <2.4.03 - Remote Code Execution
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
CVE-2015-9499 EXPLOITDB CRITICAL perl WORKING POC
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
CVSS 9.8
CVE-2006-4920 EXPLOITDB perl WORKING POC
Site@School <2.4.02 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
CVE-2006-4919 EXPLOITDB perl WORKING POC
Site@School <2.4.02 - Path Traversal
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2014-9735 METASPLOIT ruby WORKING POC
ThemePunch Slider Revolution <3.0.96 & Showbiz Pro <1.7.1 - RCE
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
CVE-2013-6129 EXPLOITDB perl WORKING POC
vBulletin 4.1 and 5 - Unauthenticated Administrative Account Creation via install/upgrade.php
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
CVE-2006-4922 EXPLOITDB perl WORKING POC
Site@School <2.4.02 - Remote Code Execution
Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
CVE-2006-4114 EXPLOITDB perl WORKING POC
phpmyring < 4.2 - SQL Injection via idsite Parameter
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
CVE-2014-9001 EXPLOITDB perl WORKING POC
Incredible PBX 11 2.0.6.5.0 - Command Injection
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
EIP-2026-106206 EXPLOITDB text WORKING POC
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2014-9735 EXPLOITDB ruby WORKING POC
ThemePunch Slider Revolution <3.0.96 & Showbiz Pro <1.7.1 - RCE
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.