ahmadbady

82 exploits, active since Jun 2008
CVE-2009-0448 EXPLOITDB text WORKING POC
Syntax Desktop 2.7 - Path Traversal
Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter.
CVE-2009-0456 EXPLOITDB text WORKING POC
Sourdough 0.3.5 patForms - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.
CVE-2009-1451 EXPLOITDB text WORKING POC
SMA-DB 0.3.12 - Cross-Site Scripting via PATH_INFO in startpage.php
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-1846 EXPLOITDB text WORKING POC
SiteX <= 0.7.4 Build 418 - Path Traversal via THEME_FOLDER Parameter
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.
CVE-2009-1637 EXPLOITDB html WORKING POC
Simple Customer 1.3 - Unauthenticated Admin Credential Change via profile.php
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
EIP-2026-111790 EXPLOITDB html WORKING POC
RogioBiz PHP File Manager 1.2 - Admin Bypass
CVE-2009-0330 EXPLOITDB text WORKING POC
SCMS 1 - Path Traversal via index.php p Parameter
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
EIP-2026-111860 EXPLOITDB text WRITEUP
S9Y Serendipity 1.5.4 - Arbitrary File Upload
EIP-2026-111856 EXPLOITDB html WORKING POC
S40 CMS 0.4.1 - Cross-Site Request Forgery (Change Admin Password)
CVE-2009-0495 EXPLOITDB text WORKING POC
REALTOR 747 4.11 - Remote Code Execution via INC_DIR Parameter
PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter.
CVE-2009-0596 EXPLOITDB text WORKING POC
phpSkelSite 1.4 - Path Traversal / Local File Inclusion via TplSuffix Parameter
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
CVE-2009-0103 EXPLOITDB text WORKING POC
playSMS 0.9.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
CVE-2009-1765 EXPLOITDB text WORKING POC
pluck 4.6.2 - Path Traversal via langpref Parameter
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.
CVE-2009-0827 EXPLOITDB text WRITEUP
PollHelper - Unauthenticated Arbitrary File Download via Direct Request
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
EIP-2026-111597 EXPLOITDB text WORKING POC
PWP Wiki Processor 1-5-1 - Arbitrary File Upload
CVE-2009-1551 EXPLOITDB text WORKING POC
Qt quickteam 2 - Remote File Inclusion via qte_web_path or qte_root Parameter
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.
CVE-2009-2398 EXPLOITDB text WORKING POC
PHP-Sugar 0.80 - Path Traversal via t Parameter
Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.
EIP-2026-111194 EXPLOITDB text WRITEUP
phpScribe 0.9 - 'user.cfg' Remote Configuration Disclosure
CVE-2008-6849 EXPLOITDB text WORKING POC
phpGreetCards 3.7 - Unauthenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a link that is listed by userfiles/number_shell.php.
EIP-2026-111057 EXPLOITDB text WORKING POC
PHPFreeChat 1.1 - 'demo21_with_hardocded_urls.php' Cross-Site Scripting
CVE-2009-2112 EXPLOITDB text WORKING POC
phpFK 7.03 - Path Traversal / Local File Inclusion via _FORUM[settings_design_style] Parameter
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.
CVE-2008-6251 EXPLOITDB text WORKING POC
phpFan 3.3.4 - Remote Code Execution via Includepath Parameter
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
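Most of the inclusion entries on this page (synTarget, THEME_FOLDER, p, TplSuffix, apps_path[...], langpref, t, _FORUM[settings_design_style], includepath) share one root cause: a request parameter reaches include() unchanged. The PHP below is an added example, not code from any of the listed products; the function names, the modules/ layout and the sample payloads are assumptions made to show the pattern and one way to confine it. It runs from the CLI and builds its fixture in a temporary directory.

```php
<?php
// Added example (not from any product listed on this page). Illustrates the
// include() pattern behind the path-traversal / RFI entries above and a
// confined replacement. Names, directory layout and payloads are assumptions.
declare(strict_types=1);

// VULNERABLE: the shape the CVE descriptions above point at. $userValue is a
// query parameter (with register_globals=On it may simply arrive as a global
// such as $langpref even though the script never reads $_GET). "../.." walks
// out of modules/, "..//" does the same, and with allow_url_include=On a URL
// makes PHP fetch and execute remote code.
function vulnerable_include(string $userValue)
{
    return include $userValue . '/module_info.php';
}

// HARDENED: accept only a bare directory name, then re-check that the
// canonical path stays under the fixed base. Returns the resolved directory
// or null, so the caller decides what to do with a rejected value.
function resolve_module_dir(string $baseDir, string $userValue): ?string
{
    // NUL bytes truncate paths in older PHP and make realpath() throw in PHP 8.
    if ($userValue === '' || strpos($userValue, "\0") !== false) {
        return null;
    }
    // Shape allowlist: no separators, no dots, no "scheme://". This alone
    // blocks every payload tried below; the realpath check is defence in depth.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $userValue)) {
        return null;
    }
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $userValue);
    if ($base === false || $candidate === false) {
        return null;  // unknown module (or base directory misconfigured)
    }
    // Prefix-compare with the separator appended so "modules_evil" cannot
    // masquerade as being under "modules".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// --- constructed fixture: a modules/ tree in a temporary directory ---
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/modules/blog", 0700, true);
file_put_contents("$root/modules/blog/module_info.php", "<?php return 'blog module loaded';\n");
file_put_contents("$root/secret.txt", "not a module\n");

$payloads = [
    'blog',                              // legitimate value
    '../../etc/passwd',                  // classic traversal
    '..//etc/passwd',                    // the "..//" variant (PHP-Sugar entry)
    'http://attacker.example/shell.txt', // RFI attempt
    "blog\0",                            // NUL-byte truncation attempt
    'blog/../../secret.txt',             // traversal that starts with a valid name
];

foreach ($payloads as $p) {
    $dir = resolve_module_dir("$root/modules", $p);
    $shown = addcslashes($p, "\0..\37");
    if ($dir === null) {
        echo "rejected : $shown\n";
    } else {
        $result = include $dir . '/module_info.php';
        echo "accepted : $shown -> $result\n";
    }
}

// cleanup
unlink("$root/modules/blog/module_info.php");
unlink("$root/secret.txt");
rmdir("$root/modules/blog");
rmdir("$root/modules");
rmdir($root);
```

Only the first payload is accepted. The shape allowlist is the real control; the realpath() prefix check is there so that a later change to the regex (say, to allow subdirectories) cannot silently reopen the traversal.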
CVE-2008-6920 EXPLOITDB text WORKING POC
phpEmployment 1.8 - Unauthenticated Arbitrary File Upload via auth.php regnew Action
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.
CVE-2008-6609 EXPLOITDB text WORKING POC
phpcksec 0.2 - Cross-Site Scripting via Path Parameter
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2008-6921 EXPLOITDB text WORKING POC
phpAdBoard 1.8 - Unauthenticated Arbitrary File Upload via Photoes Directory
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/.
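The three upload entries above (phpGreetCards, phpEmployment, phpAdBoard) describe the same defect: whatever the client sends is written under the web root with its original name, so a .php upload becomes a URL the server executes. The PHP below is an added example, not code from those products; the check_photo_upload() function, the image-only policy and the sample files are assumptions. It relies on finfo and getimagesize() (both standard PHP extensions) and runs from the CLI on files it creates itself.

```php
<?php
// Added example (not from phpGreetCards, phpEmployment or phpAdBoard). Shows
// the unrestricted-upload pattern those entries describe and a replacement
// that decides what to store, and under which name, on the server side.
// Function names, policy and sample files are assumptions.
declare(strict_types=1);

// VULNERABLE: the pattern behind the "photoes/" entries above. The client's
// own filename (extension included) is kept, and the target lives under the
// web root, so "shell.php" is reachable as /photoes/shell.php.
function vulnerable_save(array $file, string $webRoot): string
{
    $dest = $webRoot . '/photoes/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// HARDENED: returns the server-chosen filename for an acceptable image, or
// null. $tmpPath is what $_FILES[...]['tmp_name'] would hold; $originalName is
// the client-supplied name, used only to pick among allowed extensions.
function check_photo_upload(string $tmpPath, string $originalName): ?string
{
    // Allowed extension -> MIME type the file content must actually have.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];

    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                         // .php, .phtml, .php.bak, no extension
    }
    // Content checks: the magic bytes and the image header must agree with the
    // extension. A PHP script renamed to .jpg fails both.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== $allowed[$ext] || @getimagesize($tmpPath) === false) {
        return null;
    }
    // The stored name is random and carries only the vetted extension, so the
    // client never controls what the web server sees on disk. Store it in a
    // directory where PHP execution is disabled (or outside the web root) and
    // serve it through a handler that sets Content-Type from $allowed.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// --- constructed samples written to a temporary directory ---
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// 1x1 transparent PNG (constructed fixture) and a one-line PHP shell body.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$php = "<?php system(\$_GET['c']); ?>\n";

$samples = [
    // [file content, client-supplied name, what it represents]
    [$png, 'avatar.png', 'real image'],
    [$php, 'shell.php',  'script with executable extension'],
    [$php, 'shell.jpg',  'script renamed to an image extension'],
    [$png, 'avatar.php', 'image with executable extension'],
    [$png, 'avatar.PNG', 'uppercase extension (allowed)'],
];

foreach ($samples as $i => [$content, $name, $what]) {
    $tmp = "$dir/upload$i";
    file_put_contents($tmp, $content);
    $stored = check_photo_upload($tmp, $name);
    printf("%-38s %-12s -> %s\n", $what, $name, $stored ?? 'REJECTED');
    unlink($tmp);
}
rmdir($dir);
```

Only the two genuine PNGs with an allowed extension are accepted, and each comes back under a random server-chosen name. Renaming the upload is not sufficient on its own: the storage directory still needs PHP execution disabled (or must sit outside the document root), otherwise a future policy change that admits a scriptable type recreates the issue.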