kaMtiEz

61 exploits, active since Sep 2009
CVE-2009-3644 EXPLOITDB text WORKING POC
Com Soundset - SQL Injection
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
CVE-2010-5056 EXPLOITDB text WORKING POC
GBU Facebook 1.0.5 - SQL Injection
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
CVE-2009-4094 EXPLOITDB text WORKING POC
PHP <2.1 - RCE
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2009-3822 EXPLOITDB text WORKING POC
Fijiwebdesign Com Ajaxchat - Code Injection
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
CVE-2011-5112 EXPLOITDB text WRITEUP
Blueflyingfish Com Alameda < 1.0.0 - SQL Injection
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
CVE-2009-3817 EXPLOITDB text WRITEUP
Ordasoft Com Booklibrary - Code Injection
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-108232 EXPLOITDB text WORKING POC
Joomla! Component CB Resume Builder - 'group_id' SQL Injection
CVE-2009-3645 EXPLOITDB text WORKING POC
Joomlacache Com Cbresumebuilder - SQL Injection
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
EIP-2026-108263 EXPLOITDB text WORKING POC
Joomla! Component com_alfurqan15x - SQL Injection
EIP-2026-108300 EXPLOITDB text WRITEUP
Joomla! Component com_cartikads 1.0 - Arbitrary File Upload
CVE-2010-1081 EXPLOITDB text WRITEUP
Joomla! <1.5.2 - Path Traversal
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-0800 EXPLOITDB text WORKING POC
Ossolution Team Documents Seller <2.5.1 - SQL Injection
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
CVE-2009-3438 EXPLOITDB text WORKING POC
Witchakorn Kamolpornwijit Com Facebook - SQL Injection
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
EIP-2026-108367 EXPLOITDB text WORKING POC
Joomla! Component com_hezacontent 1.0 - 'id' SQL Injection
CVE-2009-4431 EXPLOITDB text WRITEUP
JCal Pro <1.5.3.6 - RCE
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EIP-2026-108405 EXPLOITDB text WORKING POC
Joomla! Component com_jobprofile - SQL Injection
CVE-2009-4598 EXPLOITDB text WORKING POC
JPhoto 1.0 - SQL Injection
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2009-4599 EXPLOITDB text WORKING POC
JS Jobs 1.0.5.6 - SQL Injection
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2009-4104 EXPLOITDB text WORKING POC
LyftenBloggie 1.0.4 - SQL Injection
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
EIP-2026-108442 EXPLOITDB text WORKING POC
Joomla! Component com_mediqna 1.1 - Local File Inclusion
CVE-2010-1265 EXPLOITDB text WORKING POC
Adam Corley dcsFlashGames - SQL Injection
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-3443 EXPLOITDB text WORKING POC
Fastballproductions Com Fastball - SQL Injection
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
CVE-2010-1372 EXPLOITDB perl WORKING POC
HD FLV Player 1.3 - SQL Injection
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108677 EXPLOITDB text WORKING POC
Joomla! Component IRCm Basic - SQL Injection
CVE-2010-1982 EXPLOITDB text WRITEUP
Joomlart Com Javoice - Path Traversal
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.