athos

26 exploits Active since Apr 2008
EIP-2026-114460 EXPLOITDB php WORKING POC
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
EIP-2026-114399 EXPLOITDB bash WORKING POC
Wysi Wiki Wyg 1.0 - Remote Password Retrieve
EIP-2026-113363 EXPLOITDB text WORKING POC
webSPELL 4.01.02 - 'id' Remote Edit Topics
CVE-2008-6727 EXPLOITDB perl WORKING POC
Upb - XSS
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2008-5491 EXPLOITDB perl WORKING POC
SlimCMS <1.0.0 - SQL Injection
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
CVE-2008-6345 EXPLOITDB php WORKING POC
Cms.maury91 Solarcms - SQL Injection
SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6308 EXPLOITDB php WORKING POC
Punbb Private Messaging System < 1.2.3 - Path Traversal
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.
CVE-2008-5418 EXPLOITDB perl WORKING POC
PunPortal <2.0 - Path Traversal
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
CVE-2009-0592 EXPLOITDB perl WORKING POC
PNphpBB2 <1.2i - Path Traversal
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
CVE-2008-6314 EXPLOITDB perl WORKING POC
Phpbb Tag Board < 4.0 - SQL Injection
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
CVE-2008-1918 EXPLOITDB perl WORKING POC
PHP-Fusion <6.01.14, <6.00.307 - SQL Injection
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
CVE-2008-6952 EXPLOITDB perl WORKING POC
Cms.maury91 Maurycms - SQL Injection
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2008-6787 EXPLOITDB perl WORKING POC
Jeremy Powers Lizardware Cms < 0.6.0 - SQL Injection
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.
CVE-2008-5895 EXPLOITDB python WORKING POC
Mediatheka <4.2 - SQL Injection
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2008-5607 EXPLOITDB perl WORKING POC
JMovies 1.1 - SQL Injection
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-6551 EXPLOITDB php WORKING POC
E-vision Cms < 2.02 - Path Traversal
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
CVE-2008-6146 EXPLOITDB perl WORKING POC
Deluxebb < 1.2 - SQL Injection
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
EIP-2026-106306 EXPLOITDB php WORKING POC
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
CVE-2008-5737 EXPLOITDB text WORKING POC
Nodstrum MySQL Calendar <1.2 - SQL Injection
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-7069 EXPLOITDB perl WORKING POC
Paul Arbogast Accms < 0.0.2 - Information Disclosure
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
EIP-2026-104815 EXPLOITDB php WORKING POC
2532/Gigs 1.2.2 Stable - Remote Command Execution
CVE-2008-6907 EXPLOITDB text WORKING POC
2532gigs - SQL Injection
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
EIP-2026-103649 EXPLOITDB perl WORKING POC
SeaMonkey 1.1.14 - Denial of Service
EIP-2026-103531 EXPLOITDB text WORKING POC
Konqueror 4.1 - Cross-Site Scripting / Remote Crash
EIP-2026-102626 EXPLOITDB text WORKING POC
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities