irk4z

24 exploits Active since Dec 2005
CVE-2008-4106 EXPLOITDB text WORKING POC
WordPress < 2.6.2 - Unauthenticated Password Reset via SQL Column Truncation
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
CVE-2007-6583 EXPLOITDB text WORKING POC
1024 CMS 1.3.1 - SQL Injection via IP Parameter
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
CVE-2007-5844 EXPLOITDB text WORKING POC
GuppY 4.6.3 - Path Traversal and Remote File Inclusion via selskin Parameter
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter.
CVE-2007-5054 EXPLOITDB text WORKING POC
izicontents < 1_rc6 - Remote Code Execution via gsLanguage Parameter
Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/.
CVE-2007-5053 EXPLOITDB text WORKING POC
izicontents < 1_rc6 - Remote Code Execution via URL Parameter Injection
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL.
CVE-2005-4600 EXPLOITDB text WORKING POC
TinyMCE Compressor PHP <1.06 - Path Traversal
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
CVE-2008-5697 EXPLOITDB html WORKING POC
Skype extension BETA 2.2.0.95 - Code Injection
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
CVE-2009-2762 EXPLOITDB text WORKING POC
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
CVE-2008-3601 EXPLOITDB php WORKING POC
Quicksilver Forums 1.4.1 - SQL Injection
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
CVE-2007-3772 EXPLOITDB text WORKING POC
PsNews 1.1 - Directory Traversal via Newspath Parameter
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
CVE-2007-6624 EXPLOITDB text WORKING POC
PNphpBB2 1.2i - Path Traversal via phpEx Parameter
Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
CVE-2008-1408 EXPLOITDB text WORKING POC
phpbp 2 RC3 (2.204) FIX 4 - SQL Injection via Banner ID Parameter
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
CVE-2008-5335 EXPLOITDB php WORKING POC
PHP-Fusion 6.01.15/7.00.1 - SQL Injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
CVE-2007-5719 EXPLOITDB text WORKING POC
miniBB 2.1 - SQL Injection via Table Parameter
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.
CVE-2007-6582 EXPLOITDB text WORKING POC
mBlog 1.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
CVE-2008-2905 EXPLOITDB text WORKING POC
Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-0113 EXPLOITDB php WORKING POC
Joomla XStandard - Directory Traversal via X_CMS_LIBRARY_PATH HTTP Header
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
EIP-2026-108929 EXPLOITDB php WORKING POC
jPORTAL 2.3.1 & UserPatch - 'forum.php' Remote Code Execution
CVE-2007-5055 EXPLOITDB text WORKING POC
izicontents < 1_rc6 - Remote File Inclusion via Path Traversal in admin_home or rootdp Parameter
Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php.
CVE-2007-5845 EXPLOITDB text WORKING POC
GuppY <4.6.3, 4.5.16 - Path Traversal
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
CVE-2008-1405 EXPLOITDB text WORKING POC
fuzzylime (cms) 3.01 - Remote Code Execution via admindir Parameter
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
CVE-2007-5056 EXPLOITDB text WORKING POC
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVE-2008-2650 EXPLOITDB html WORKING POC
CMSimple 3.1 - Path Traversal and Arbitrary File Execution via sl Parameter
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
CVE-2007-6584 EXPLOITDB text WORKING POC
1024 CMS 1.3.1 - Path Traversal via Lang or Theme Parameters
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.