ajann

220 exploits, active since Mar 2005
CVE-2006-4733 EXPLOITDB text WORKING POC
sips < 0.3.1 - Remote File Inclusion via config[sipssys] Parameter
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of the issue is limited to admins who do not, or cannot, follow this recommendation.
CVE-2007-0867 EXPLOITDB html WORKING POC
Site-Assistant < 0990 - Remote File Inclusion via paths[version] Parameter
PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.
CVE-2007-1425 EXPLOITDB perl WORKING POC
Triexa SonicMailer Pro < 3.2.3 - SQL Injection via List Parameter in Archive Action
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
CVE-2006-6343 EXPLOITDB text WORKING POC
Neocrome Seditio < 1.10 - SQL Injection
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1619 EXPLOITDB perl WORKING POC
scriptmagix_photo_rating < 2.0 - SQL Injection via viewcomments.php phid Parameter
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2007-1617 EXPLOITDB perl WORKING POC
ScriptMagix Recipes < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1011 EXPLOITDB html WORKING POC
VS-Gastebuch < 1.5.3 - Remote File Inclusion via gb_pfad Parameter
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-1618 EXPLOITDB perl WORKING POC
scriptmagix_faq_builder < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1616 EXPLOITDB perl WORKING POC
ScriptMagix Lyrics < 2.0 - SQL Injection via recid Parameter
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
CVE-2007-1615 EXPLOITDB perl WORKING POC
scriptmagix_jokes < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-5638 EXPLOITDB text WORKING POC
phpmyring < 4.2.1 - SQL Injection via cherche.php limite or mots Parameters
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
EIP-2026-111151 EXPLOITDB text WRITEUP
PHPMyChat Plus 1.9 - Multiple Local File Inclusions
CVE-2006-5707 EXPLOITDB WORKING POC
PHPEasyData Pro 1.4.1 and 2.2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-7119 EXPLOITDB text WRITEUP
phpgiggle < 12.08 - Remote File Inclusion via CFG_PHPGIGGLE_ROOT Parameter
PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.
CVE-2007-0679 EXPLOITDB text WORKING POC
nicolas_grandjean phpmyring < 4.1.3b - Remote File Inclusion via lang/leslangues.php fichier Parameter
PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.
CVE-2007-1034 EXPLOITDB WORKING POC
Emporium Module < 2.3.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
EIP-2026-111149 EXPLOITDB text WRITEUP
PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion
CVE-2007-0985 EXPLOITDB perl WORKING POC
phpcc < beta_4.2 - SQL Injection via nickpage.php npid Parameter
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
CVE-2006-5866 EXPLOITDB perl WORKING POC
phpmanta < 1.0.2 - Directory Traversal via File Parameter
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
CVE-2007-0638 EXPLOITDB text WRITEUP
Vlad Alexa Mancini PHPFootball 1.6 - Info Disclosure
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
CVE-2006-5828 EXPLOITDB perl WORKING POC
DeltaScripts PHP Classifieds <= 7.1 - SQL Injection via detail.php user_id Parameter
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2007-0786 EXPLOITDB text WORKING POC
Noname Media Photo Galerie < 1.1.1 - SQL Injection
SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110715 EXPLOITDB html WORKING POC
PHP League 0.81 - 'config.php' Remote File Inclusion
CVE-2006-6645 EXPLOITDB text WORKING POC
mxbb_web_links < 2.05 - Remote File Inclusion via mx_root_path Parameter
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2006-6644 EXPLOITDB text WORKING POC
mxBB < 1.1.2 - Remote Code Execution
PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.