__GiReX__

18 exploits Active since Dec 2007
CVE-2008-6590 EXPLOITDB WORKING POC
LightNEasy 1.2.2 - Path Traversal via Page Parameter
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.
CVE-2008-6592 EXPLOITDB text WORKING POC
LightNEasy - Path Traversal and Arbitrary File Access via thumbsup.php Image Parameter
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
CVE-2007-6584 EXPLOITDB perl WORKING POC
1024 CMS 1.3.1 - Path Traversal via Lang or Theme Parameters
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
CVE-2008-2028 EXPLOITDB text WORKING POC
miniBB < 2.2 - Exposure of Sensitive Information via glang Parameter
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
CVE-2008-2024 EXPLOITDB text WORKING POC
miniBB < 2.2 - Cross-Site Scripting via glang[] Parameter
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
CVE-2008-1554 EXPLOITDB text WORKING POC
TopperMod 2.0 - SQL Injection via Localita Parameter
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
CVE-2008-3153 EXPLOITDB perl WORKING POC
Triton CMS Pro < 1.0.6 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
CVE-2008-1553 EXPLOITDB text WORKING POC
TopperMod 1.0 - Path Traversal via 'to' Parameter in mod.php
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
CVE-2008-7064 EXPLOITDB perl WORKING POC
Quicksilver Forums <= 1.4.2 - Remote Code Execution via Lang Parameter Backslash Bypass
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
CVE-2008-1860 EXPLOITDB perl WORKING POC
LokiCMS < 0.3.3 - Remote Code Execution via Default Parameter
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
CVE-2008-2029 EXPLOITDB text WORKING POC
miniBB < 2.2 - SQL Injection via xtr Parameter
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
CVE-2008-6643 EXPLOITDB perl WORKING POC
LokiCMS 0.3.4 - Unauthenticated Configuration Modification via LokiACTION Parameter
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVE-2008-6593 EXPLOITDB text WORKING POC
LightNEasy SQLite <= 1.2.2 - SQL Injection via dlid Parameter
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
CVE-2008-6537 EXPLOITDB perl WORKING POC
LightNEasy 1.2 - Unauthenticated Administrator Password Hash Exposure via Setup Action
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
CVE-2008-3416 EXPLOITDB text WORKING POC
IceBB - SQL Injection via Username Parameter in Members Module
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
EIP-2026-106801 EXPLOITDB perl WORKING POC
EggBlog 4.0 - SQL Injection
CVE-2008-5320 EXPLOITDB perl WORKING POC
e107 < 0.7.13 - Authenticated SQL Injection via ue[] Parameter
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
CVE-2008-1911 EXPLOITDB perl WORKING POC
1024 CMS 1.4.2 beta and earlier - SQL Injection via cookpass Cookie
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.