gmda

4 exploits Active since Dec 2008
CVE-2008-5759 EXPLOITDB WORKING POC
FlatnuX CMS 2008-12-11 - Cross-Site Scripting via Name Parameter in 08_Files Module
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6604 EXPLOITDB text WORKING POC
PicoFlat CMS 0.5.9 - Path Traversal via Pagina Parameter
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
CVE-2011-5148 EXPLOITDB php WORKING POC
mod_simplefileupload < 1.3.5 - Remote Code Execution via Incomplete Blacklist Bypass
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
CVE-2008-5761 EXPLOITDB text WORKING POC
FlatnuX CMS 2008-12-11 - Cross-Site Scripting via mod foto or name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.