Vrs-hCk

56 exploits, active since Oct 2008
CVE-2010-5040 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
com_awdwall < 1.5.4 - SQL Injection via cbuser Parameter
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
CVE-2009-2593 EXPLOITDB text WRITEUP
Censura 1.16.04 - SQL Injection via itemid Parameter
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2008-4626 EXPLOITDB text WRITEUP
yappa-ng 2.3.2-2.3.3-beta0 - Path Traversal via Album Parameter
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.
EIP-2026-113242 EXPLOITDB text WRITEUP
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
EIP-2026-113241 EXPLOITDB text WRITEUP
WebAsyst Shop-Script - 'index.php' Cross-Site Scripting
CVE-2009-4926 EXPLOITDB text WORKING POC
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2010-2314 EXPLOITDB text WORKING POC
NP_Twitter Plugin 0.8-0.9 - Remote Code Execution via DIR_PLUGINS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4926 EXPLOITDB text WRITEUP
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2009-4926 EXPLOITDB text WRITEUP
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2009-4934 EXPLOITDB text WRITEUP
Online Photo Pro 2.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2009-4926 EXPLOITDB text WRITEUP
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2009-4926 EXPLOITDB text WRITEUP
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
CVE-2008-4780 EXPLOITDB text WORKING POC
MyForum 1.3 - Path Traversal via padmin Parameter
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
CVE-2008-4760 EXPLOITDB perl WORKING POC
Graphiks MyForum 1.3 - SQL Injection via lecture.php id Parameter
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-1469 EXPLOITDB text WORKING POC
Joomla! com_jprojectmanager 1.0 - Path Traversal
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4628 EXPLOITDB perl WORKING POC
Joomla! com_tpdugg 1.1 - SQL Injection
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1306 EXPLOITDB text WORKING POC
com_joomlapicasa2 2.0 and 2.0.5 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1534 EXPLOITDB text WORKING POC
com_shoutbox - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1308 EXPLOITDB text WORKING POC
Joomla! com_svmap 1.1.1 - Path Traversal
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2008-6172 EXPLOITDB text WORKING POC
RWCards 3.0.11 - Path Traversal and Arbitrary Local File Inclusion via Captcha Image Parameter
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
CVE-2010-1659 EXPLOITDB text WORKING POC
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion