k1tk4t

46 exploits Active since Apr 2005
CVE-2006-6634 EXPLOITDB text WORKING POC
Mambo com_extcalendar 0.9.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2006-6634 EXPLOITDB text WORKING POC
Mambo com_extcalendar 0.9.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2006-7130 EXPLOITDB text WRITEUP
Jinzora < 2.1 - Code Injection
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
CVE-2007-6466 EXPLOITDB perl WORKING POC
FreeWebshop 2.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
EIP-2026-107247 EXPLOITDB perl WORKING POC
FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber
CVE-2007-4253 EXPLOITDB perl WORKING POC
Envolution <1.1.0 - SQL Injection
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2007-4736 EXPLOITDB perl WORKING POC
Cartkeeper Ckgold Shopping Cart - SQL Injection
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2006-5256 EXPLOITDB text WORKING POC
Claroline <1.8.0 - RCE
PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2006-5250 EXPLOITDB text WORKING POC
BlueShoes 4.6_public - RCE
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
CVE-2008-0390 EXPLOITDB perl WORKING POC
Auracms - Code Injection
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
CVE-2007-4171 EXPLOITDB text WORKING POC
auraCMS - SQL Injection
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.
CVE-2008-3203 EXPLOITDB perl WORKING POC
AuraCMS 2.2-2.2.2 - RCE
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
CVE-2007-6552 EXPLOITDB perl WORKING POC
AuraCMS 2.2 - Path Traversal
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
CVE-2007-4908 EXPLOITDB text WORKING POC
Auracms - Path Traversal
Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
CVE-2007-4804 EXPLOITDB text WRITEUP
Auracms - SQL Injection
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
EIP-2026-105000 EXPLOITDB text WORKING POC
ae2 - 'standart.inc.php' Remote File Inclusion
CVE-2007-4627 EXPLOITDB perl WORKING POC
ABC eStore 3.0 - SQL Injection
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.