Stas Svistunovich

15 exploits Active since Dec 2007
CVE-2008-0612 EXPLOITDB text WORKING POC
XOOPS 2.0.18 - Path Traversal via Lang Parameter
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0359 EXPLOITDB text WRITEUP
BLOG:CMS 4.2.1b - Cross-Site Scripting via PATH_INFO to photo/admin.php or photo/index.php
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
CVE-2007-6547 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Unauthenticated Password Change
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
CVE-2007-6546 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Session Hijacking via Predictable Session ID
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2007-6545 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Cross-Site Scripting via News Subject Parameter
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
CVE-2007-6544 EXPLOITDB text WRITEUP
RunCMS - SQL Injection via lid Parameter
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
CVE-2008-0613 EXPLOITDB text WORKING POC
XOOPS 2.0.18 - Open Redirect via xoops_redirect Parameter
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
CVE-2008-0609 EXPLOITDB text WRITEUP
DivideConcept VHD Web Pack 2.0 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0231 EXPLOITDB text WORKING POC
Tuned Studios Classic Theme and others - Path Traversal via Page Parameter
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
CVE-2007-6548 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Authenticated PHP Code Injection via Admin Parameters
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/.
CVE-2008-0742 EXPLOITDB text WORKING POC
PowerScripts PowerNews 2.5.6 - Path Traversal via Subpage Parameter
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVE-2008-0513 EXPLOITDB text WORKING POC
phpcms 1.2.2 - Path Traversal via File Parameter in parser.php
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
CVE-2008-0360 EXPLOITDB text WRITEUP
BLOG:CMS 4.2.1b - SQL Injection via blogid, user, or field Parameter
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
CVE-2008-0332 EXPLOITDB text WORKING POC
aria 0.99-6 - Path Traversal via Page Parameter
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
CVE-2008-1145 EXPLOITDB text WRITEUP
WEBrick <1.8.5-p115, 1.8.6-p114, 1.9-1.9.0-1 - Path Traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.