ajann

220 exploits, active since Mar 2005
CVE-2006-6645 EXPLOITDB text WORKING POC
PHP <2.05 - RCE
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2006-5618 EXPLOITDB WORKING POC
Netref - Path Traversal
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter.
EIP-2026-109494 EXPLOITDB html WORKING POC
MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion
CVE-2007-0864 EXPLOITDB WORKING POC
LushiWarPlaner 1.0 - SQL Injection
SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2007-0865 EXPLOITDB WORKING POC
LushiNews <1.01 - SQL Injection
SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.
CVE-2007-4505 EXPLOITDB text WORKING POC
Mambo - SQL Injection
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2007-1339 EXPLOITDB perl WORKING POC
Monitor-line Links Management < 1.0 - SQL Injection
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
CVE-2007-0904 EXPLOITDB WORKING POC
LightRO CMS 1.0 - SQL Injection
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
CVE-2006-6577 EXPLOITDB text WORKING POC
Neocrome LDU <8 - SQL Injection
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0824 EXPLOITDB text WORKING POC
LightRO CMS 1.0 - RCE
PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.
CVE-2007-4504 EXPLOITDB text WORKING POC
Joomla! com_rsfiles <1.0.2 - Path Traversal
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
CVE-2007-1703 EXPLOITDB perl WORKING POC
Joomla Rwcards Component < 2.4.3 - SQL Injection
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-4046 EXPLOITDB text WORKING POC
Pony Gallery <1.5 - SQL Injection
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-4506 EXPLOITDB text WORKING POC
Joomla! <1.4 - SQL Injection
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
CVE-2007-4503 EXPLOITDB text WORKING POC
Joomla! com_nicetalk <0.9.3 - SQL Injection
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
CVE-2007-1704 EXPLOITDB perl WORKING POC
Joomla Car Manager < 1.1 - SQL Injection
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1776 EXPLOITDB html WORKING POC
Design FOR Joomla D4j Ezine < 2.8 - SQL Injection
SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.
CVE-2007-4502 EXPLOITDB text WORKING POC
Joomla! com_jombib <1.3 - SQL Injection
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
CVE-2007-1428 EXPLOITDB html WORKING POC
PHP Labs Jobsitepro - SQL Injection
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
CVE-2007-4509 EXPLOITDB text WORKING POC
Joomla! <0.8 - SQL Injection
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
CVE-2006-6149 EXPLOITDB text WORKING POC
Jiros Faq Manager - SQL Injection
SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter.
CVE-2007-0637 EXPLOITDB perl WORKING POC
Galeria Zdjec < 3.0 - Path Traversal
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
CVE-2006-2896 EXPLOITDB html WORKING POC
FunkBoard CF0.71 - RCE
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
CVE-2007-0620 EXPLOITDB text WRITEUP
FD Script <1.3.2 - Info Disclosure
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
CVE-2007-0301 EXPLOITDB html WORKING POC
FdWeB Espace Membre <2.1 - RCE
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.