kaMtiEz

61 exploits Active since Sep 2009
CVE-2010-2908 EXPLOITDB text WORKING POC
com_joomdle < 0.24 - SQL Injection via course_id Parameter
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
EIP-2026-107742 EXPLOITDB text WORKING POC
ICMusic 1.2 - 'music_id' SQL Injection
EIP-2026-107578 EXPLOITDB text WORKING POC
Helpdesk Pilot Knowledge Base 4.4.0 - SQL Injection
CVE-2009-4456 EXPLOITDB text WORKING POC
Green Desktiny <2.3.1 - SQL Injection
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107017 EXPLOITDB perl WORKING POC
EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion
CVE-2009-3694 EXPLOITDB perl WORKING POC
ezRecipe-Zee 91 - Path Traversal via cfg[prePath] Parameter
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter.
EIP-2026-107058 EXPLOITDB text WRITEUP
Fatwiki (fwiki) 1.0 - Remote File Inclusion
CVE-2010-1360 EXPLOITDB text WRITEUP
FAQEngine 4.24.00 - Remote File Inclusion via path_faqe Parameter
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
CVE-2010-1052 EXPLOITDB text WORKING POC
AudiStat 1.3 - Cross-Site Scripting via Year and Mday Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3325 EXPLOITDB text WORKING POC
Focusdev Com Surveymanager - SQL Injection
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2009-3332 EXPLOITDB text WORKING POC
JBudgetsMagic 0.3.2-0.4.0 - SQL Injection via bid Parameter
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.