girex

27 exploits Active since Dec 2007
CVE-2009-1033 EXPLOITDB text WORKING POC
DeluxeBB <= 1.3 - SQL Injection via qorder Parameter
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
CVE-2008-6592 EXPLOITDB text WORKING POC
LightNEasy - Path Traversal and Arbitrary File Access via thumbsup.php Image Parameter
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
CVE-2009-1948 EXPLOITDB text WORKING POC
Unclassified NewsBoard 1.6.4 - Path Traversal and Arbitrary File Read via GLOBALS Parameter
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.
CVE-2009-1947 EXPLOITDB text WORKING POC
Unclassified NewsBoard (UNB) 1.6.4 - SQL Injection
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.
CVE-2007-6584 EXPLOITDB perl WORKING POC
1024 CMS 1.3.1 - Path Traversal via Lang or Theme Parameters
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
CVE-2008-2028 EXPLOITDB text WORKING POC
miniBB < 2.2 - Exposure of Sensitive Information via glang Parameter
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
CVE-2008-2024 EXPLOITDB text WORKING POC
miniBB < 2.2 - Cross-Site Scripting via glang[] Parameter
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
CVE-2009-1949 EXPLOITDB text WORKING POC
Unclassified NewsBoard (UNB) <1.6.4 - Info Disclosure
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2008-3153 EXPLOITDB perl WORKING POC
Triton CMS Pro < 1.0.6 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
CVE-2008-1554 EXPLOITDB text WORKING POC
TopperMod 2.0 - SQL Injection via Localita Parameter
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
CVE-2008-1553 EXPLOITDB text WORKING POC
TopperMod 1.0 - Path Traversal via 'to' Parameter in mod.php
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
CVE-2008-7064 EXPLOITDB perl WORKING POC
Quicksilver Forums <= 1.4.2 - Remote Code Execution via Lang Parameter Backslash Bypass
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
CVE-2008-6643 EXPLOITDB perl WORKING POC
LokiCMS 0.3.4 - Unauthenticated Configuration Modification via LokiACTION Parameter
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVE-2008-1860 EXPLOITDB perl WORKING POC
LokiCMS < 0.3.3 - Remote Code Execution via Default Parameter
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
CVE-2008-2029 EXPLOITDB text WORKING POC
miniBB < 2.2 - SQL Injection via xtr Parameter
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
CVE-2008-6593 EXPLOITDB text WORKING POC
LightNEasy SQLite <= 1.2.2 - SQL Injection via dlid Parameter
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
CVE-2008-6537 EXPLOITDB perl WORKING POC
LightNEasy 1.2 - Unauthenticated Administrator Password Hash Exposure via Setup Action
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
CVE-2008-3416 EXPLOITDB text WORKING POC
IceBB - SQL Injection via Username Parameter in Members Module
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
EIP-2026-106801 EXPLOITDB perl WORKING POC
EggBlog 4.0 - SQL Injection
EIP-2026-107133 EXPLOITDB text WRITEUP
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
CVE-2009-1960 EXPLOITDB text WORKING POC
DokuWiki 2009-02-14, rc2009-02-06, rc2009-01-30 - Remote Code Execution via config_cascade Parameter
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
CVE-2008-5320 EXPLOITDB perl WORKING POC
e107 < 0.7.13 - Authenticated SQL Injection via ue[] Parameter
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
CVE-2010-4151 EXPLOITDB text WORKING POC
DeluxeBB 1.3 - SQL Injection via xthedateformat Parameter
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
EIP-2026-106167 EXPLOITDB text WORKING POC
coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities
EIP-2026-106225 EXPLOITDB text WORKING POC
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass