Virangar Security

34 exploits Active since Jul 2006
CVE-2008-2115 EXPLOITDB text WORKING POC
ScriptsEZ.net Power Editor 2.0 - Cross-Site Scripting via te and dir Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
CVE-2008-0185 EXPLOITDB text WORKING POC
NetRisk 1.9.7 - SQL Injection via PID Parameter
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
CVE-2008-2906 EXPLOITDB text WORKING POC
WebChamado 1.1 - SQL Injection via tsk_id Parameter
SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.
CVE-2008-4592 EXPLOITDB text WORKING POC
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
CVE-2008-6634 EXPLOITDB text WORKING POC
RoomPHPlanning 1.5 - SQL Injection via idroom Parameter
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.
CVE-2008-6664 EXPLOITDB text WORKING POC
SH-News 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
CVE-2009-0705 EXPLOITDB text WORKING POC
PowerScripts PowerNews <2.5.4 - SQL Injection
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-3598 EXPLOITDB text WORKING POC
psipuss 1.0 - SQL Injection via Cid Parameter or Username Parameter
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
CVE-2009-0707 EXPLOITDB text WORKING POC
PowerClan 1.14a - SQL Injection via Login Email Parameter
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
CVE-2008-2116 EXPLOITDB text WORKING POC
ScriptsEZ.net Power Editor 2.0 - Path Traversal via te and dir Parameters
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
EIP-2026-111242 EXPLOITDB text WORKING POC
PHPwebnews 0.2 MySQL Edition - 'SQL' Insecure Cookie Handling
CVE-2008-6812 EXPLOITDB text WORKING POC
phpWebNews 0.2 - SQL Injection via bukutamu.php det Parameter
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
CVE-2008-7145 EXPLOITDB text WORKING POC
CoronaMatrix phpAddressBook 2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-3602 EXPLOITDB text WORKING POC
uPHP_ring_website 0.9.1 - Auth Bypass
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2006-3917 EXPLOITDB text WRITEUP
R. Corson PHP Forge <3 - Code Injection
PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter.
CVE-2008-7179 EXPLOITDB text WORKING POC
OTManager CMS 2.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2008-0186 EXPLOITDB text WORKING POC
NetRisk < 1.9.7 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
CVE-2008-0280 EXPLOITDB text WORKING POC
MTCMS 2.0 - SQL Injection via a or cid Parameter
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
CVE-2008-2301 EXPLOITDB text WORKING POC
Kostenloses Linkmanagementscript - SQL Injection via id Parameter
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.
CVE-2008-1726 EXPLOITDB text WORKING POC
KnowledgeQuest 2.6 - SQL Injection via kqid or username Parameter
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
CVE-2009-1026 EXPLOITDB text WORKING POC
Kim Websites 1.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-6300 EXPLOITDB text WORKING POC
Galatolo WebManager 1.3a - Unauthenticated Authentication Bypass via Cookie Manipulation
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5820 EXPLOITDB text WORKING POC
eDreamers eDNews 2 - SQL Injection via newsid Parameter
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-3292 EXPLOITDB text WORKING POC
EZWebAlbum 1.0 - Unauthenticated Authentication Bypass via photoalbumadmin Cookie
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
CVE-2008-2135 EXPLOITDB text WORKING POC
VisualShapers ezContents 2.0.0 - SQL Injection via contentname or article Parameter
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.