The:Paradox

20 exploits Active since Dec 2007
CVE-2008-1861 EXPLOITDB text WRITEUP
exbb_italia < 0.2.2 - Remote File Inclusion via exbb[default_lang] Parameter
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
CVE-2008-0141 EXPLOITDB HIGH python WORKING POC
WebPortal CMS 0.6-beta - Info Disclosure
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
CVSS 7.5
CVE-2008-0142 EXPLOITDB python WORKING POC
WebPortal CMS 0.6-beta - SQL Injection via User Name Parameter
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
EIP-2026-113097 EXPLOITDB python WORKING POC
VigileCMS 1.8 - Stealth Remote Command Execution
CVE-2008-6741 EXPLOITDB python WORKING POC
Simple Machines Forum < 1.1.4 - SQL Injection via db_character_set Parameter
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
EIP-2026-112254 EXPLOITDB python WRITEUP
SMF 2.0.1 - SQL Injection / Privilege Escalation
EIP-2026-111829 EXPLOITDB python WORKING POC
RunCMS 1.6.1 - 'msg_image' SQL Injection
CVE-2008-2778 EXPLOITDB python WORKING POC
Revokebb 1.0 RC11 - SQL Injection via Search Parameter
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
EIP-2026-111830 EXPLOITDB python WORKING POC
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections
EIP-2026-112012 EXPLOITDB text WRITEUP
Shadowed Portal 5.7d3 - 'POST' Remote File Inclusion
EIP-2026-112013 EXPLOITDB python WORKING POC
Shadowed Portal 5.7d3 - Remote Command Execution
CVE-2008-1591 EXPLOITDB python WORKING POC
PostNuke < 0.764 - SQL Injection via HTTP_CLIENT_IP Variable
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
CVE-2008-1918 EXPLOITDB python WORKING POC
PHP-Fusion <6.01.14, <6.00.307 - SQL Injection
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
EIP-2026-110867 EXPLOITDB perl WORKING POC
PHP-Nuke 8.0 - SQL Injection
CVE-2009-2230 EXPLOITDB php WORKING POC
MyBB <1.4.7 - SQL Injection
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
EIP-2026-109777 EXPLOITDB text WORKING POC
MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections
CVE-2008-0099 EXPLOITDB text WORKING POC
MyPHP Forum < 3.0 - SQL Injection via Search Parameter
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
CVE-2008-0734 EXPLOITDB python WORKING POC
Limbo CMS < 1.0.4.2 - SQL Injection via cuid Cookie Parameter
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.
CVE-2008-1862 EXPLOITDB text WRITEUP
exbb_italia < 0.2.2 - Remote File Inclusion via new_exbb[home_path] or exbb[home_path] Parameter
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
CVE-2007-6237 EXPLOITDB python WORKING POC
DeluxeBB 1.09 - Authenticated Profile Update via Membercookie Parameter Manipulation
cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.