SirGod

121 exploits Active since Jul 2008
CVE-2008-6126 EXPLOITDB WORKING POC
MoziloCMS <1.10.2 - Path Traversal
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
CVE-2009-1361 EXPLOITDB WORKING POC
Gscripts DNS Tools - Improper Input Validation
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4977 EXPLOITDB text WORKING POC
Tufat Mybackup - Code Injection
PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.
CVE-2009-2735 EXPLOITDB text WORKING POC
OpenNews 1.0 - SQL Injection
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2129 EXPLOITDB text WRITEUP
Elvin 1.2.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
CVE-2009-2127 EXPLOITDB text WRITEUP
Elvin 1.2.0 - XSS
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2009-2124 EXPLOITDB text WRITEUP
Elvin 1.2.0 - Path Traversal
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
CVE-2009-2123 EXPLOITDB text WRITEUP
Elvin 1.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2008-6725 EXPLOITDB text WORKING POC
Cmscout - SQL Injection
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
CVE-2009-3216 EXPLOITDB text WORKING POC
Iwiccle - Path Traversal
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
CVE-2009-2153 EXPLOITDB text WORKING POC
Impleo Music Collection 2.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
CVE-2009-2151 EXPLOITDB text WORKING POC
AdaptWeb 0.9.2 - Path Traversal
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
CVE-2009-1247 EXPLOITDB text WORKING POC
Acutecp - SQL Injection
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1024 EXPLOITDB text WORKING POC
Beerwin Phplinkadmin - SQL Injection
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
CVE-2008-6905 EXPLOITDB text WORKING POC
Babbleboard - CSRF
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page.
CVE-2009-4792 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - SQL Injection
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
CVE-2009-3715 EXPLOITDB text WORKING POC
Maniacomputer Mcshoutbox - SQL Injection
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-3714 EXPLOITDB text WORKING POC
Maniacomputer Mcshoutbox - XSS
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
CVE-2009-3514 EXPLOITDB text WORKING POC
Marcin Manek D.net Cms - SQL Injection
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVE-2009-3506 EXPLOITDB text WORKING POC
Jean-michel Wyttenbach Cmsphp - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
CVE-2009-1951 EXPLOITDB text WORKING POC
PropertyMax Pro FREE 0.3 - XSS
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.
CVE-2009-1404 EXPLOITDB text WORKING POC
Pastelcms - SQL Injection
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
CVE-2009-1369 EXPLOITDB text WORKING POC
Mozilocms - Improper Input Validation
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
CVE-2009-1368 EXPLOITDB text WORKING POC
Mozilocms - Path Traversal
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
CVE-2009-1367 EXPLOITDB text WORKING POC
Mozilocms - XSS
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.