Vrs-hCk

56 exploits. Active since Oct 2008.
CVE-2010-5040 EXPLOITDB text WORKING POC
Nucleus NP_Gallery <0.94 - RCE
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
Joomla! <1.5.5 - SQL Injection
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
CVE-2009-2593 EXPLOITDB text WRITEUP
Censura <1.16.04 - SQL Injection
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2008-4626 EXPLOITDB text WRITEUP
Zirkon BOX Yappa-ng - Path Traversal
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.
EIP-2026-113242 EXPLOITDB text WRITEUP
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
EIP-2026-113241 EXPLOITDB text WRITEUP
WebAsyst Shop-Script - 'index.php' Cross-Site Scripting
CVE-2009-4926 EXPLOITDB text WORKING POC
Esoftpro Online Contact Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2010-2314 EXPLOITDB text WORKING POC
Edmondhui.homeip NP Twitter - Code Injection
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4926 EXPLOITDB text WRITEUP
Esoftpro Online Contact Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2009-4926 EXPLOITDB text WRITEUP
Esoftpro Online Contact Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery 0.94 - SQL Injection
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2009-4934 EXPLOITDB text WRITEUP
Esoftpro Online Photo Pro - XSS
Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2009-4926 EXPLOITDB text WRITEUP
Esoftpro Online Contact Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2009-4926 EXPLOITDB text WRITEUP
Esoftpro Online Contact Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2008-4780 EXPLOITDB text WORKING POC
Easy-script Myforum - Path Traversal
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
CVE-2008-4760 EXPLOITDB perl WORKING POC
Graphiks Myforum - SQL Injection
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-1469 EXPLOITDB text WORKING POC
Joomla! com_jprojectmanager 1.0 - Path Traversal
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4628 EXPLOITDB perl WORKING POC
Joomla! com_tpdugg 1.1 - SQL Injection
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1306 EXPLOITDB text WORKING POC
Picasa 2.0-2.0.5 - Path Traversal
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1534 EXPLOITDB text WORKING POC
Joomla! - Path Traversal
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1308 EXPLOITDB text WORKING POC
Joomla! com_svmap 1.1.1 - Path Traversal
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2008-6172 EXPLOITDB text WORKING POC
Weberr Rwcards - Path Traversal
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
CVE-2010-1659 EXPLOITDB text WORKING POC
Webkul Com Ultimateportfolio - Path Traversal
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion