irvian

10 exploits, active since Nov 2006
CVE-2007-2457 EXPLOITDB text WORKING POC
Pixaria Gallery <1.4.3 - RCE
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
CVE-2007-2086 EXPLOITDB text WORKING POC
CNStats 2.9 - RCE
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
CVE-2007-2070 EXPLOITDB text WRITEUP
Turnkey Web Tools SunShop Shopping Cart < 4.0 - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
CVE-2008-2339 EXPLOITDB perl WORKING POC
Turnkey Web Tools SunShop Shopping Cart - SQL Injection
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.
CVE-2007-2458 EXPLOITDB text WORKING POC
Pixaria Gallery <1.4.3 - RCE
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.
CVE-2006-6093 EXPLOITDB text WRITEUP
PicturesPro Photo Cart 3.9 - RCE
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.
CVE-2008-1750 EXPLOITDB perl WORKING POC
Integry Systems LiveCart <1.1.1 - SQL Injection
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
CVE-2007-0232 EXPLOITDB text WORKING POC
Jshop Server 1.3 - RCE
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
CVE-2007-4604 EXPLOITDB perl WORKING POC
DL PayCart 1.01 - SQL Injection
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2007-2087 EXPLOITDB text WORKING POC
CNStats 2.12 - RCE
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.