SirGod

121 exploits Active since Jul 2008
CVE-2009-0570 EXPLOITDB text WRITEUP
Ninja Designs Mailist 3.0 - Path Traversal
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-7057 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Cross-Site Scripting via Merchandise Type Parameter
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
CVE-2008-7056 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Unauthenticated Database Backup Download via adminpanel/phpmydump.php
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
CVE-2008-6010 EXPLOITDB text WORKING POC
SG Real Estate Portal 2.0 - Path Traversal
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.
CVE-2008-4115 EXPLOITDB text WORKING POC
TalkBack 2.3.6 - Unauthenticated Sensitive Information Exposure via info.php
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
CVE-2008-3925 EXPLOITDB text WORKING POC
Content Management Made Easy (CMME) 1.12 - Cross-Site Request Forgery via Admin Logout Action
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
CVE-2008-3924 EXPLOITDB text WORKING POC
CMME <1.12 - Info Disclosure
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
CVE-2008-3923 EXPLOITDB text WORKING POC
CMME 1.12 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
CVE-2008-3371 EXPLOITDB text WORKING POC
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2009-4756 EXPLOITDB perl WORKING POC
TraktorBeatport.exe <1.0.0.283 - Buffer Overflow
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
EIP-2026-116287 EXPLOITDB php WORKING POC
Spider Solitaire - Denial of Service (PoC)
CVE-2009-4754 EXPLOITDB perl WORKING POC
Mercury Audio Player 1.21 - Buffer Overflow
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
CVE-2009-4756 EXPLOITDB perl WORKING POC
TraktorBeatport.exe <1.0.0.283 - Buffer Overflow
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
CVE-2009-4757 EXPLOITDB text WORKING POC
BrotherSoft EW-MusicPlayer 0.8 - Buffer Overflow
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
CVE-2009-1817 EXPLOITDB text WORKING POC
DigiMode Maya 1.0.2 - Remote Code Execution via Malformed Playlist File
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.
CVE-2009-4759 EXPLOITDB perl WORKING POC
BrotherSoft BMXPlay <0.4.4b - Buffer Overflow
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
CVE-2008-4158 EXPLOITDB text WORKING POC
Zanfi CMS lite 1.2 - Path Traversal via Flag or Inc Parameter
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
CVE-2009-1038 EXPLOITDB text WORKING POC
YAP Blog 1.1.1 - SQL Injection via Image ID Parameter
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
CVE-2009-1406 EXPLOITDB text WORKING POC
TotalCalendar 2.4 - Path Traversal via Include Parameter
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
CVE-2009-4732 EXPLOITDB text WORKING POC
TT Web Site Manager 0.5 - SQL Injection
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3859 EXPLOITDB text WRITEUP
Davlin Thickbox Gallery 2 - Info Disclosure
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
EIP-2026-112597 EXPLOITDB text WORKING POC
tenrok 1.1.0 - File Disclosure / Remote Code Execution
CVE-2008-6336 EXPLOITDB text WORKING POC
Text Lines Rearrange Script 1.0 - Path Traversal via Filename Parameter
Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.
CVE-2009-1625 EXPLOITDB text WORKING POC
Thickbox Gallery 2 - Path Traversal via ln Parameter
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
CVE-2008-3593 EXPLOITDB text WORKING POC
SyzygyCMS 0.3 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.