Stephan Sattler

15 exploits Active since Mar 2010
CVE-2010-3485 EXPLOITDB WORKING POC
LightNEasy 3.2.1 - SQL Injection via Userhandle Cookie
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4751 EXPLOITDB WORKING POC
LightNEasy 3.2.1 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.
CVE-2010-3484 EXPLOITDB text WORKING POC
LightNEasy 3.2.1 - SQL Injection via Handle Parameter
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
CVE-2010-3482 EXPLOITDB text WRITEUP
Primitive CMS 1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.
CVE-2010-3483 EXPLOITDB text WRITEUP
Primitive CMS 1.0.9 - Privilege Escalation
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
EIP-2026-109338 EXPLOITDB text WORKING POC
MatrikzGB Guestbook 2.0 - Administrative Privilege Escalation
CVE-2010-4752 EXPLOITDB text WORKING POC
LightNEasy 3.2.1 - SQL Injection via Page Parameter
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4902 EXPLOITDB text WRITEUP
Joomla! com_clantools 1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
CVE-2010-4904 EXPLOITDB text WORKING POC
Joomla! com_aardvertiser 2.1-2.1.1 - SQL Injection
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4902 EXPLOITDB text WRITEUP
Joomla! com_clantools 1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
EIP-2026-105570 EXPLOITDB text WRITEUP
BMForum Myna 6.0 - SQL Injection
EIP-2026-105272 EXPLOITDB text WORKING POC
Aspect Ratio CMS - Blind SQL Injection
EIP-2026-105211 EXPLOITDB text WORKING POC
Aprox CMS Engine 6.0 - Multiple Vulnerabilities
CVE-2010-1093 EXPLOITDB text WORKING POC
1024 CMS 2.1.1 - SQL Injection via RSS.php id Parameter
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
CVE-2012-0045 EXPLOITDB text STUB
Linux Kernel < 3.2.14 - Denial of Service via KVM em_syscall Opcode Handling
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.