ka0x

23 exploits Active since Apr 2007
CVE-2009-1535 EXPLOITDB perl WORKING POC
Microsoft Internet Information Services - Authentication Bypass
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2008-0839 EXPLOITDB text WORKING POC
Astatspro - SQL Injection
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1122 EXPLOITDB perl WORKING POC
Microsoft Internet Information Services - Authentication Bypass
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2007-6128 EXPLOITDB text WORKING POC
WorkingOnWeb 2.0.1400 - SQL Injection
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
CVE-2009-4561 EXPLOITDB perl WORKING POC
WebLeague 2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-0254 EXPLOITDB text WORKING POC
Wavelink Media Tutorialcms - SQL Injection
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
EIP-2026-112400 EXPLOITDB perl WORKING POC
Sports Clubs Web Panel 0.0.1 - Remote Game Delete
CVE-2008-3152 EXPLOITDB perl WORKING POC
SmartPPC/Pro - SQL Injection
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
CVE-2008-6014 EXPLOITDB text WORKING POC
Rianxosencabos CMS 0.9 - SQL Injection
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4244 EXPLOITDB perl WORKING POC
Rianxosencabos Cms - Authentication Bypass
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
EIP-2026-111241 EXPLOITDB perl WORKING POC
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
CVE-2008-4134 EXPLOITDB text WORKING POC
Phprealty < 0.03 - Code Injection
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.
CVE-2008-0219 EXPLOITDB perl WORKING POC
Php Webquest - SQL Injection
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
CVE-2007-1843 EXPLOITDB text WORKING POC
Maptools Maplab - Code Injection
PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.
CVE-2008-0329 EXPLOITDB text WRITEUP
Julien Plesniak Lulieblog - Access Control
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
CVE-2008-0918 EXPLOITDB text WORKING POC
Astatspro - SQL Injection
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5778 EXPLOITDB perl WORKING POC
Free Links Directory Script 1.2a - SQL Injection
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2007-5408 EXPLOITDB perl WORKING POC
Cplinks Cpdynalinks - SQL Injection
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-0883 EXPLOITDB text WORKING POC
Amunak Blue Eye Cms < 1.0.0 - SQL Injection
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
CVE-2008-0601 EXPLOITDB text WORKING POC
All Club Cms < 0.0.1f - SQL Injection
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-0262 EXPLOITDB text WORKING POC
Agares Media Phpautovideo - SQL Injection
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
CVE-2008-4145 EXPLOITDB text WORKING POC
Addalink < 1.0 - SQL Injection
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-5123 EXPLOITDB text WORKING POC
Solidweb Novus - SQL Injection
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.