Virangar Security

34 exploits. Active since Jul 2006.
CVE-2008-2115 EXPLOITDB text WORKING POC
Scriptsez Power Editor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
CVE-2008-0185 EXPLOITDB text WORKING POC
Netrisk - SQL Injection
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
CVE-2008-2906 EXPLOITDB text WORKING POC
Webchamado - SQL Injection
SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.
CVE-2008-4592 EXPLOITDB text WORKING POC
Sportspanel Sports Clubs Web Portal - Path Traversal
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
CVE-2008-6634 EXPLOITDB text WORKING POC
Beaussier Roomphplanning - SQL Injection
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.
CVE-2008-6664 EXPLOITDB text WORKING POC
Yarck Sh-news - Authentication Bypass
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
CVE-2009-0705 EXPLOITDB text WORKING POC
PowerScripts PowerNews <2.5.4 - SQL Injection
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-3598 EXPLOITDB text WORKING POC
psipuss 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
CVE-2009-0707 EXPLOITDB text WORKING POC
PowerClan 1.14a - SQL Injection
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
CVE-2008-2116 EXPLOITDB text WORKING POC
Scriptsez Power Editor - Path Traversal
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
EIP-2026-111242 EXPLOITDB text WORKING POC
PHPwebnews 0.2 MySQL Edition - 'SQL' Insecure Cookie Handling
CVE-2008-6812 EXPLOITDB text WORKING POC
Surat Kabar Phpwebnews < 0.2 - SQL Injection
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
CVE-2008-7145 EXPLOITDB text WORKING POC
Coronamatrix Phpaddressbook - SQL Injection
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-3602 EXPLOITDB text WORKING POC
uPHP_ring_website 0.9.1 - Auth Bypass
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2006-3917 EXPLOITDB text WRITEUP
R. Corson PHP Forge <3 - Code Injection
PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter.
CVE-2008-7179 EXPLOITDB text WORKING POC
OTManager CMS 2.4 - Auth Bypass
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2008-0186 EXPLOITDB text WORKING POC
Phprisk Netrisk < 1.9.7 - XSS
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
CVE-2008-0280 EXPLOITDB text WORKING POC
Mtcms - SQL Injection
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
CVE-2008-2301 EXPLOITDB text WORKING POC
Phpway Kostenloses Linkmanagementscript - SQL Injection
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.
CVE-2008-1726 EXPLOITDB text WORKING POC
KnowledgeQuest 2.6 - SQL Injection
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
CVE-2009-1026 EXPLOITDB text WORKING POC
Kimwebsites Kim Websites - SQL Injection
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-6300 EXPLOITDB text WORKING POC
GWM Galatolo Webmanager - Authentication Bypass
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5820 EXPLOITDB text WORKING POC
eDreamers eDNews 2 - SQL Injection
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-3292 EXPLOITDB text WORKING POC
EZWebAlbum 1.0 - Auth Bypass
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
CVE-2008-2135 EXPLOITDB text WORKING POC
Visualshapers Ezcontents - SQL Injection
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.