SirGod

121 exploits Active since Jul 2008
CVE-2009-2921 EXPLOITDB text WORKING POC
MOC Designs PHP News 1.1 - SQL Injection via User or Password Field
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
CVE-2009-1607 EXPLOITDB text WORKING POC
LinkBase 2.0 - Stored Cross-Site Scripting via Username Registration
Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu.
CVE-2009-2263 EXPLOITDB text WORKING POC
Awesome PHP Mega File Manager 1.0 - Path Traversal
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2009-3716 EXPLOITDB text WORKING POC
MCshoutbox 1.1 - Authenticated Arbitrary File Upload via Admin Panel
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
CVE-2009-0383 EXPLOITDB html WORKING POC
Max.Blog 1.0.6 - Unauthenticated Arbitrary Blog Post Deletion via delete.php
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
CVE-2009-0571 EXPLOITDB text WRITEUP
Ninja Designs Mailist <3.0 - Info Disclosure
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
CVE-2008-4175 EXPLOITDB text WORKING POC
Linkbidscript - SQL Injection
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
CVE-2009-4722 EXPLOITDB text WORKING POC
Limny 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-3511 EXPLOITDB text WORKING POC
justVisual 1.2 - Remote Code Execution via fs_jVroot Parameter
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.
CVE-2008-4169 EXPLOITDB text WORKING POC
iScripts EasyIndex - SQL Injection via detaillist.php produid Parameter
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
CVE-2008-4522 EXPLOITDB text WORKING POC
JMweb MP3 Music Audio Search and Download Script - Path Traversal via src Parameter
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
EIP-2026-108047 EXPLOITDB text WRITEUP
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
CVE-2009-3217 EXPLOITDB text WORKING POC
iWiccle 1.01 - SQL Injection via member_id Parameter
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
CVE-2009-2154 EXPLOITDB text WORKING POC
Impleo Music Collection 2.0 - SQL Injection
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-7006 EXPLOITDB text WRITEUP
Free PHP VX Guestbook 1.06 - Unauthenticated Database Backup Download via Direct Request
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
CVE-2009-1319 EXPLOITDB text WORKING POC
GuestCal 2.1 - Remote File Inclusion via Lang Parameter Path Traversal
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
CVE-2008-4155 EXPLOITDB text WORKING POC
EasySite 2.3 - Path Traversal via Module or Action Parameter
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.
CVE-2009-1486 EXPLOITDB text WORKING POC
Flatchat 3.0 - Path Traversal via pmscript.php with Parameter
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
CVE-2009-2130 EXPLOITDB text WRITEUP
elvinbts 1.2.0 - Unauthenticated Sensitive Information Exposure via Direct Request
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.
CVE-2009-2111 EXPLOITDB php WORKING POC
DB Top Sites 1.0 - Remote Code Injection via add_reg.php URL and Location Parameters
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
CVE-2009-2110 EXPLOITDB text WORKING POC
DB Top Sites 1.0 - Path Traversal via u Parameter
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.
CVE-2008-4075 EXPLOITDB text WORKING POC
D-iscussion Board 3.01 - Path Traversal via Topic Parameter
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
CVE-2009-3515 EXPLOITDB text WORKING POC
d.net CMS - Authenticated Path Traversal via Type Parameter
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2009-1916 EXPLOITDB text WORKING POC
GScripts.net DNS Tools - OS Command Injection via dig.php ns Parameter
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
CVE-2009-2784 EXPLOITDB text WORKING POC
dit.cms 1.3 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.