s4va

32 exploits Active since Apr 2010
CVE-2010-5040 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 EXPLOITDB text WORKING POC
com_awdwall < 1.5.4 - SQL Injection via cbuser Parameter
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
EIP-2026-111732 EXPLOITDB text WORKING POC
redcat media - SQL Injection
CVE-2010-5041 EXPLOITDB text WORKING POC
NP_Gallery plugin 0.94 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2010-2314 EXPLOITDB text WORKING POC
NP_Twitter Plugin 0.8-0.9 - Remote Code Execution via DIR_PLUGINS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1722 EXPLOITDB text WORKING POC
com_market 2.x - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108747 EXPLOITDB text WORKING POC
Joomla! Component JoomMail 1.0 - Local File Inclusion
CVE-2010-1659 EXPLOITDB text WORKING POC
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108842 EXPLOITDB text WORKING POC
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
CVE-2010-1469 EXPLOITDB text WORKING POC
Joomla! com_jprojectmanager 1.0 - Path Traversal
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108784 EXPLOITDB text WORKING POC
Joomla! Component Memory Book 1.2 - Local File Inclusion
EIP-2026-108801 EXPLOITDB text WORKING POC
Joomla! Component My Files 1.0 - Local File Inclusion
CVE-2010-1715 EXPLOITDB text WORKING POC
com_onlineexam 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
EIP-2026-108592 EXPLOITDB text WORKING POC
Joomla! Component com_wgpicasa - Local File Inclusion
EIP-2026-108618 EXPLOITDB text WORKING POC
Joomla! Component CV Maker 1.0 - Local File Inclusion
EIP-2026-108620 EXPLOITDB text WORKING POC
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion
CVE-2010-1656 EXPLOITDB perl WORKING POC
Airiny ABC 1.1.7 - SQL Injection via Sectionid Parameter
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
EIP-2026-108622 EXPLOITDB text WORKING POC
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion
EIP-2026-108650 EXPLOITDB text WORKING POC
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
CVE-2010-1955 EXPLOITDB text WORKING POC
Deluxe Blog Factory (com_blogfactory) 1.1.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1471 EXPLOITDB text WORKING POC
Joomla! com_addressbook <1.5.0 - Path Traversal
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1473 EXPLOITDB text WORKING POC
Joomla! com_advertising 0.25 - Path Traversal
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1979 EXPLOITDB text WORKING POC
Affiliate Datafeeds (com_datafeeds) build 880 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108207 EXPLOITDB text WORKING POC
Joomla! Component Appointment 1.5 - Local File Inclusion
CVE-2010-1714 EXPLOITDB text WORKING POC
com_arcadegames 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.