ahmadbady

82 exploits Active since Jun 2008
CVE-2008-2690 EXPLOITDB text WORKING POC
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1246 EXPLOITDB text WORKING POC
Blogplus 1.0 - Path Traversal and Arbitrary File Execution via Multiple Parameters
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
CVE-2009-0826 EXPLOITDB text WRITEUP
BlogHelper - Unauthenticated Database File Download via Direct Request
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2009-0457 EXPLOITDB text WORKING POC
AJA Portal 1.2 - Path Traversal via currentlang or module_name Parameter
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
EIP-2026-104943 EXPLOITDB html WORKING POC
AdaptCMS Lite 1.5 - Arbitrary Add Admin
CVE-2010-1057 EXPLOITDB text WORKING POC
Phpkobo AdFreely <1.01 - Path Traversal
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.
CVE-2008-5597 EXPLOITDB text WRITEUP
Cold BBS - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.