Tim Coen

29 exploits. Active since Sep 2015.
CVE-2015-9227 EXPLOITDB HIGH text WORKING POC
Alegrocart - Code Injection
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
CVSS 7.2
CVE-2015-9226 EXPLOITDB HIGH text WORKING POC
Alegrocart - SQL Injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
CVSS 7.2
CVE-2015-7309 METASPLOIT ruby WORKING POC
Bolt < 2.2.0 - Injection
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
EIP-2026-114623 EXPLOITDB text WORKING POC
ZeusCart 4.0 - Cross-Site Request Forgery
EIP-2026-114610 EXPLOITDB text WRITEUP
ZenPhoto 1.4.11 - Remote File Inclusion
CVE-2015-5595 EXPLOITDB MEDIUM text WRITEUP
Zenphoto < 1.4.9 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
CVSS 6.5
EIP-2026-114682 EXPLOITDB text WRITEUP
Mezzanine 4.2.0 - Cross-Site Scripting
EIP-2026-114625 EXPLOITDB text WRITEUP
ZeusCart 4.0 - SQL Injection
EIP-2026-111210 EXPLOITDB text WORKING POC
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
EIP-2026-111342 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Multiple SQL Injections
EIP-2026-111341 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Directory Traversal
EIP-2026-111340 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
EIP-2026-111288 EXPLOITDB text WRITEUP
PivotX 2.3.11 - Directory Traversal
EIP-2026-111119 EXPLOITDB text WRITEUP
phplist 3.2.6 - SQL Injection
EIP-2026-110285 EXPLOITDB text WORKING POC
OpenDocMan 1.3.4 - Cross-Site Request Forgery
EIP-2026-109701 EXPLOITDB text WRITEUP
MyBB 1.8.6 - SQL Injection
EIP-2026-109700 EXPLOITDB text WRITEUP
MyBB 1.8.6 - Cross-Site Scripting
EIP-2026-108961 EXPLOITDB text WRITEUP
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
EIP-2026-109097 EXPLOITDB text WRITEUP
LEPTON 2.2.2 - SQL Injection
EIP-2026-109096 EXPLOITDB text WRITEUP
LEPTON 2.2.2 - Remote Code Execution
EIP-2026-107301 EXPLOITDB text WRITEUP
FUDforum 3.0.6 - Local File Inclusion
EIP-2026-107489 EXPLOITDB text WORKING POC
Grawlix 1.0.3 - Cross-Site Request Forgery
EIP-2026-107300 EXPLOITDB text WRITEUP
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-105941 EXPLOITDB text WRITEUP
ClipperCMS 1.3.0 - Multiple SQL Injections
EIP-2026-106050 EXPLOITDB text WRITEUP
CodoForum 3.3.1 - Multiple SQL Injections