ajann

220 exploits, active since Mar 2005
CVE-2006-4733 EXPLOITDB text WORKING POC
Haakon Nilsen SIPS <0.3.1 - RCE
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of the issue is limited to admins who do not, or cannot, follow this recommendation.
CVE-2007-0867 EXPLOITDB html WORKING POC
Site-Assistant <0990 - RCE
PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.
CVE-2007-1425 EXPLOITDB perl WORKING POC
Triexa SonicMailer Pro < 3.2.3 - SQL Injection
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
CVE-2006-6343 EXPLOITDB text WORKING POC
Neocrome Seditio <1.10 - SQL Injection
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1619 EXPLOITDB perl WORKING POC
ScriptMagix Photo Rating < 2.0 - SQL Injection
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2007-1617 EXPLOITDB perl WORKING POC
ScriptMagix Recipes < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1011 EXPLOITDB html WORKING POC
VS-Gastebuch <1.5.3 - RCE
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-1618 EXPLOITDB perl WORKING POC
ScriptMagix FAQ Builder < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1616 EXPLOITDB perl WORKING POC
ScriptMagix Lyrics < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
CVE-2007-1615 EXPLOITDB perl WORKING POC
ScriptMagix Jokes < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-5638 EXPLOITDB text WORKING POC
PHPMyRing < 4.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
EIP-2026-111151 EXPLOITDB text WRITEUP
PHPMyChat Plus 1.9 - Multiple Local File Inclusions
CVE-2006-5707 EXPLOITDB WORKING POC
PHPEasyData Pro - SQL Injection
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-7119 EXPLOITDB text WRITEUP
PHPGiggle <12.08 - RCE
PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.
CVE-2007-0679 EXPLOITDB text WORKING POC
PHPMyRing <4.1.3b - RCE
PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.
CVE-2007-1034 EXPLOITDB WORKING POC
Emporium <2.3.0 - SQL Injection
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
EIP-2026-111149 EXPLOITDB text WRITEUP
PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion
CVE-2007-0985 EXPLOITDB perl WORKING POC
phpCC <4.2 - SQL Injection
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
CVE-2006-5866 EXPLOITDB perl WORKING POC
phpManta < 1.0.2 - Path Traversal
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
CVE-2007-0638 EXPLOITDB text WRITEUP
Vlad Alexa Mancini PHPFootball 1.6 - Info Disclosure
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
CVE-2006-5828 EXPLOITDB perl WORKING POC
DeltaScripts PHP Classifieds - SQL Injection
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2007-0786 EXPLOITDB text WORKING POC
Noname Media Photo Galerie <1.1.1 - SQL Injection
SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110715 EXPLOITDB html WORKING POC
PHP League 0.81 - 'config.php' Remote File Inclusion
CVE-2006-6645 EXPLOITDB text WORKING POC
PHP <2.05 - RCE
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2006-6644 EXPLOITDB text WORKING POC
mxBB <1.1.2 - RCE
PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.