laurent gaffie

170 exploits Active since Dec 2004
CVE-2007-3001 EXPLOITDB text WORKING POC
PHP JackKnife - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
CVE-2007-3354 EXPLOITDB text WORKING POC
NetClassifieds Premium Edition - SQL Injection via s_user_id Parameter
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
CVE-2005-3978 EXPLOITDB text WORKING POC
NetClassifieds - SQL Injection via CatID or ItemNum Parameter
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
CVE-2007-1151 EXPLOITDB text WRITEUP
LoveCMS 1.4 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
CVE-2007-1149 EXPLOITDB text WRITEUP
LoveCMS 1.4 - Path Traversal via Step or Load Parameter
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
CVE-2007-1149 EXPLOITDB text WRITEUP
LoveCMS 1.4 - Path Traversal via Step or Load Parameter
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
CVE-2006-7170 EXPLOITDB text WRITEUP
Koan Software Mega Mall - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
CVE-2007-1148 EXPLOITDB text WRITEUP
LoveCMS 1.4 - Remote Code Execution via Install Step Parameter
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
CVE-2006-7170 EXPLOITDB text WRITEUP
Koan Software Mega Mall - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
CVE-2006-5914 EXPLOITDB text WRITEUP
SAMEDIA LandShop - SQL Injection via ls.php infield Parameter
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.
CVE-2006-5915 EXPLOITDB text WORKING POC
SAMEDIA LandShop - Cross-Site Scripting via ls.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.
CVE-2006-5847 EXPLOITDB MEDIUM text WRITEUP
freewebshop < 2.2.2 - Cross-Site Scripting via cat Parameter
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVSS 6.1
CVE-2006-5846 EXPLOITDB text WRITEUP
freewebshop < 2.2.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
CVE-2007-3394 EXPLOITDB text WORKING POC
eNdonesia 8.4 - SQL Injection via artid or bid Parameter
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
CVE-2007-3394 EXPLOITDB text WORKING POC
eNdonesia 8.4 - SQL Injection via artid or bid Parameter
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
CVE-2007-0693 EXPLOITDB text WORKING POC
DGNews 2.1 - SQL Injection via catid Parameter
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
CVE-2007-2959 EXPLOITDB text WORKING POC
cpCommerce - SQL Injection via manufacturer.php id_manufacturer Parameter
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
CVE-2006-6924 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - Information Disclosure via SQL Error in sort_mode Parameter
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
CVE-2006-6923 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - SQL Injection via Newsletter Edition tk Parameter
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.
CVE-2006-6924 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - Information Disclosure via SQL Error in sort_mode Parameter
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
CVE-2006-6925 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - Stored Cross-Site Scripting via Article Title, Blog Post Title, or Wiki Description
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
CVE-2006-6924 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - Information Disclosure via SQL Error in sort_mode Parameter
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
CVE-2006-6924 EXPLOITDB text WRITEUP
bitweaver <= 1.3.1 - Information Disclosure via SQL Error in sort_mode Parameter
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
CVE-2006-5829 EXPLOITDB text WRITEUP
AIOCP < 1.3.007 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
CVE-2006-5831 EXPLOITDB text WORKING POC
All In One Control Panel <1.3.007 - Remote Code Execution
PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.