k1tk4t

46 exploits Active since Apr 2005
CVE-2007-4905 EXPLOITDB text WORKING POC
AuraCMS 2.1 - Unauthenticated Arbitrary File Upload via mod/contak.php Image Parameter
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.
CVE-2007-4886 EXPLOITDB text WORKING POC
AuraCMS 1.x and 2.x - Remote Code Execution via pilih Parameter URL Injection
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
CVE-2007-5300 EXPLOITDB perl WORKING POC
wzdftpd 0.8.0 0.8.2 - Denial of Service via Long USER Command
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2007-4714 EXPLOITDB text WORKING POC
Yvora 1.0 - SQL Injection via ID Parameter
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-4156 EXPLOITDB text WORKING POC
woliocms - SQL Injection via Member ID or Admin Login Parameters
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.
CVE-2007-4846 EXPLOITDB text WORKING POC
Webace-Linkscript 1.3 SE - SQL Injection via start.php id Parameter
SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.
EIP-2026-112736 EXPLOITDB perl WORKING POC
TOKOKITA - 'produk_id' SQL Injection
CVE-2007-6004 EXPLOITDB text WORKING POC
Toko Instan 7.6 - SQL Injection via id or katid Parameter
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
CVE-2007-4808 EXPLOITDB text WORKING POC
TLM CMS 3.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1.
CVE-2006-5495 EXPLOITDB text WRITEUP
Trawler Web CMS < 1.8.1 - Remote File Inclusion via Multiple PHP Script Parameters
Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.
CVE-2006-5249 EXPLOITDB text WORKING POC
TagIt! Tagboard 2.1.B Build 2 - Remote Code Execution via configpath Parameter
PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.
CVE-2007-4597 EXPLOITDB perl WORKING POC
TurnkeyWebTools SunShop <4.0 RC 6 - SQL Injection
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
CVE-2006-5485 EXPLOITDB text WORKING POC
SpeedBerg 1.2beta1 - Remote File Inclusion via SPEEDBERG_PATH Parameter
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.
EIP-2026-112329 EXPLOITDB text WORKING POC
Softerra PHP Developer Library 1.5.3 - 'Grid3.lib.php' Remote File Inclusion
CVE-2007-4845 EXPLOITDB text WORKING POC
rw_download_lite 2.0.3 - SQL Injection via dlid or cid Parameter
Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter.
CVE-2006-5310 EXPLOITDB text WORKING POC
Les Visiteurs 2.0.1 - Remote Code Execution via lvc_include_dir Parameter
PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
CVE-2006-5471 EXPLOITDB text WORKING POC
Softerra PHP Developer Library < 1.5.3 - Remote File Inclusion via cfg_dir or lib_dir Parameters
PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.
CVE-2006-5308 EXPLOITDB text WRITEUP
Open Conference Systems <1.1.6 - RCE
Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.
CVE-2007-5261 EXPLOITDB perl WORKING POC
MultiCart 1.0 - SQL Injection via catid or ddlCategory Parameter
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
CVE-2007-6466 EXPLOITDB perl WORKING POC
FreeWebshop 2.2.1 - SQL Injection via prod/cat/group Parameters
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
CVE-2007-4456 EXPLOITDB text WORKING POC
Mambo SimpleFAQ Component - SQL Injection via aid Parameter
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
CVE-2005-1032 EXPLOITDB text WORKING POC
Rejected
Rejected reason: cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED
CVE-2007-0181 EXPLOITDB text WORKING POC
PHP <include/common_function.php - RCE
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.
CVE-2006-5254 EXPLOITDB text WORKING POC
Mark Van Bellen Detailed User Registration <4.1 - RCE
PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4321 EXPLOITDB text WRITEUP
Coppermine Photo Gallery <1.0 - RCE
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.