k1tk4t

46 exploits Active since Apr 2005
CVE-2006-6634 EXPLOITDB text WORKING POC
ExtCalThai Module < 0.9.1 - Remote File Inclusion via CONFIG_EXT or mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2006-6634 EXPLOITDB text WORKING POC
ExtCalThai Module < 0.9.1 - Remote File Inclusion via CONFIG_EXT or mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2007-4210 EXPLOITDB text WORKING POC
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVE-2006-7130 EXPLOITDB text WRITEUP
Jinzora < 2.1 - Remote Code Execution via Include Path Parameter
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
CVE-2007-6466 EXPLOITDB perl WORKING POC
FreeWebshop 2.2.1 - SQL Injection via prod/cat/group Parameters
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
EIP-2026-107247 EXPLOITDB perl WORKING POC
FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber
CVE-2007-4253 EXPLOITDB perl WORKING POC
Envolution < 1.1.0 - SQL Injection via News Module Topic Parameter
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2007-4736 EXPLOITDB perl WORKING POC
CartKeeper CKGold Shopping Cart 2.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2006-5256 EXPLOITDB text WORKING POC
Claroline < 1.8.0 - Remote File Inclusion via includePath Parameter
PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2006-5250 EXPLOITDB text WORKING POC
blueshoes_framework < 4.6_public - Remote File Inclusion via APP[path][lib] Parameter
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
CVE-2008-0390 EXPLOITDB perl WORKING POC
AuraCMS 1.62 - Remote Code Execution via X-Forwarded-For Header
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
CVE-2007-4171 EXPLOITDB text WORKING POC
auracms modul_forum_sederhana - SQL Injection via komentar.php id Parameter
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.
CVE-2008-3203 EXPLOITDB perl WORKING POC
AuraCMS 2.2-2.2.2 - Unauthenticated Arbitrary Content Modification via id Parameter
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
CVE-2007-6552 EXPLOITDB perl WORKING POC
AuraCMS 2.2 - Authenticated Path Traversal and Arbitrary File Execution via Index.php Act Parameter
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
CVE-2007-4908 EXPLOITDB text WORKING POC
AuraCMS <= 2.1 - Remote File Inclusion via Pilih Parameter
Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
CVE-2007-4804 EXPLOITDB text WRITEUP
AuraCMS 1.5rc - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
EIP-2026-105000 EXPLOITDB text WORKING POC
ae2 - 'standart.inc.php' Remote File Inclusion
CVE-2007-4627 EXPLOITDB perl WORKING POC
ABC eStore 3.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.