kaMtiEz

61 exploits, active since Sep 2009
CVE-2009-3644 EXPLOITDB text WORKING POC
Soundset (com_soundset) 1.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
CVE-2010-5056 EXPLOITDB text WORKING POC
GBU Facebook (com_gbufacebook) 1.0.5 - SQL Injection via face_id Parameter
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
CVE-2009-4094 EXPLOITDB text WORKING POC
D4J eZine (com_ezine) 2.1 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2009-3822 EXPLOITDB text WORKING POC
Fiji Web Design Ajax Chat (com_ajaxchat) 1.0 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
CVE-2011-5112 EXPLOITDB text WRITEUP
com_alameda < 1.0.0 - SQL Injection via Storeid Parameter
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
CVE-2009-3817 EXPLOITDB text WRITEUP
BookLibrary (com_booklibrary) 1.0 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-108232 EXPLOITDB text WORKING POC
Joomla! Component CB Resume Builder - 'group_id' SQL Injection
CVE-2009-3645 EXPLOITDB text WORKING POC
JoomlaCache CB Resume Builder - SQL Injection via group_id Parameter
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
EIP-2026-108263 EXPLOITDB text WORKING POC
Joomla! Component com_alfurqan15x - SQL Injection
EIP-2026-108300 EXPLOITDB text WRITEUP
Joomla! Component com_cartikads 1.0 - Arbitrary File Upload
CVE-2010-1081 EXPLOITDB text WRITEUP
com_communitypolls < 1.5.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-0800 EXPLOITDB text WORKING POC
Ossolution Team Documents Seller <2.5.1 - SQL Injection
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
CVE-2009-3438 EXPLOITDB text WORKING POC
JoomlaFacebook (com_facebook) - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
EIP-2026-108367 EXPLOITDB text WORKING POC
Joomla! Component com_hezacontent 1.0 - 'id' SQL Injection
CVE-2009-4431 EXPLOITDB text WRITEUP
com_jcalpro 1.5.3.6 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EIP-2026-108405 EXPLOITDB text WORKING POC
Joomla! Component com_jobprofile - SQL Injection
CVE-2009-4598 EXPLOITDB text WORKING POC
com_jphoto 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2009-4599 EXPLOITDB text WORKING POC
JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2009-4104 EXPLOITDB text WORKING POC
LyftenBloggie 1.0.4 - SQL Injection
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
EIP-2026-108442 EXPLOITDB text WORKING POC
Joomla! Component com_mediqna 1.1 - Local File Inclusion
CVE-2010-1265 EXPLOITDB text WORKING POC
Adam Corley dcsFlashGames - SQL Injection
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-3443 EXPLOITDB text WORKING POC
Fastball (com_fastball) 1.1.0-1.2 - SQL Injection via League Parameter
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
CVE-2010-1372 EXPLOITDB perl WORKING POC
HD FLV Player (com_hdflvplayer) 1.3 - SQL Injection via id Parameter
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108677 EXPLOITDB text WORKING POC
Joomla! Component IRCm Basic - SQL Injection
CVE-2010-1982 EXPLOITDB text WRITEUP
JA Voice (com_javoice) 2.0 - Path Traversal via View Parameter
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.