irvian

10 exploits, active since Nov 2006
CVE-2007-2457 EXPLOITDB text WORKING POC
Pixaria Gallery < 1.4.3 - Remote File Inclusion via cfg[sys][base_path] Parameter
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
CVE-2007-2086 EXPLOITDB text WORKING POC
CNStats 2.9 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
CVE-2007-2070 EXPLOITDB text WRITEUP
SunShop Shopping Cart < 3.5.1 - Remote Code Execution via abs_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
CVE-2008-2339 EXPLOITDB perl WORKING POC
Turnkey Web Tools SunShop Shopping Cart 3.5.1 - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.
CVE-2007-2458 EXPLOITDB text WORKING POC
Pixaria Gallery - Remote File Inclusion via cfg[sys][base_path] Parameter
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.
CVE-2006-6093 EXPLOITDB text WRITEUP
PicturesPro Photo Cart 3.9 - Remote File Inclusion via admin_folder or path Parameter
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.
CVE-2008-1750 EXPLOITDB perl WORKING POC
Integry Systems LiveCart < 1.1.1 - SQL Injection
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
CVE-2007-0232 EXPLOITDB text WORKING POC
Jshop Server 1.3 - Remote File Inclusion via jssShopFileSystem Parameter
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
CVE-2007-4604 EXPLOITDB perl WORKING POC
DL PayCart 1.01 - SQL Injection via ItemID Parameter
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2007-2087 EXPLOITDB text WORKING POC
CNStats 2.12 - Remote File Inclusion via bn Parameter
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.