ka0x

23 exploits Active since Apr 2007
CVE-2009-1535 EXPLOITDB perl WORKING POC
Internet Information Services 5.1 and 6.0 - Authentication Bypass via Unicode %c0%af URI Obfuscation
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2008-0839 EXPLOITDB text WORKING POC
astatsPRO 1.0 - SQL Injection via refer.php id Parameter
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1122 EXPLOITDB perl WORKING POC
Microsoft Internet Information Services 5.0 - Authentication Bypass via WebDAV URL Decoding
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2007-6128 EXPLOITDB text WORKING POC
WorkingOnWeb 2.0.1400 - SQL Injection
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
CVE-2009-4561 EXPLOITDB perl WORKING POC
WebLeague 2.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-0254 EXPLOITDB text WORKING POC
TutorialCMS 1.02 - SQL Injection via activate.php userName Parameter
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
EIP-2026-112400 EXPLOITDB perl WORKING POC
Sports Clubs Web Panel 0.0.1 - Remote Game Delete
CVE-2008-3152 EXPLOITDB perl WORKING POC
SmartPPC and SmartPPC Pro - SQL Injection via idDirectory Parameter
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
CVE-2008-6014 EXPLOITDB text WORKING POC
Rianxosencabos CMS 0.9 - SQL Injection
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4244 EXPLOITDB perl WORKING POC
Rianxosencabos CMS 0.9 - Unauthenticated Authentication Bypass via Cookie Manipulation
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
EIP-2026-111241 EXPLOITDB perl WORKING POC
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
CVE-2008-4134 EXPLOITDB text WORKING POC
phpRealty < 0.03 - Remote Code Execution via INC Parameter
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.
CVE-2008-0219 EXPLOITDB perl WORKING POC
PHP Webquest 2.6 - SQL Injection via id_actividad Parameter
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
CVE-2007-1843 EXPLOITDB text WORKING POC
MapLab 2.2.1 - Remote Code Execution via gmapfactory/params.php gszAppPath Parameter
PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.
CVE-2008-0329 EXPLOITDB text WRITEUP
LulieBlog 1.0.1 and 1.0.2 - Unauthenticated Arbitrary Comment and Article Deletion via Admin Endpoints
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
CVE-2008-0918 EXPLOITDB text WORKING POC
astatsPRO 1.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5778 EXPLOITDB perl WORKING POC
Free Links Directory Script 1.2a - SQL Injection
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2007-5408 EXPLOITDB perl WORKING POC
cpDynaLinks 1.02 - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-0883 EXPLOITDB text WORKING POC
Blue Eye CMS <= 1.0.0 - SQL Injection via BlueEyeCMS_login Cookie Parameter
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
CVE-2008-0601 EXPLOITDB text WORKING POC
All Club CMS < 0.0.1f - SQL Injection via Name Parameter
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-0262 EXPLOITDB text WORKING POC
Agares PhpAutoVideo 2.21 - SQL Injection via articlecat Parameter
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
CVE-2008-4145 EXPLOITDB text WORKING POC
Addalink < 1.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-5123 EXPLOITDB text WORKING POC
Novus 1.0 - SQL Injection via nota_id Parameter
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.