tomplixsee

9 exploits Active since Nov 2007
CVE-2008-0371 EXPLOITDB text WORKING POC
aliTalk 1.9.1.1 - SQL Injection via mohit, id, or username Parameter
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-0541 EXPLOITDB text WORKING POC
Gerd Tentler Simple Forum 3.2 - Cross-Site Scripting via Open and Date_Show Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
CVE-2007-6126 EXPLOITDB text WORKING POC
project_alumni <= 1.0.9 - Cross-Site Scripting via Year Parameter
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
EIP-2026-114139 EXPLOITDB python WORKING POC
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
CVE-2008-0542 EXPLOITDB text WORKING POC
Gerd Tentler Simple Forum 3.2 - Path Traversal via Thumbnail.php File Parameter
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-6127 EXPLOITDB text WORKING POC
Project Alumni <1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
CVE-2007-6184 EXPLOITDB text WORKING POC
Project Alumni 1.0.9 - Path Traversal
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
EIP-2026-110338 EXPLOITDB text WORKING POC
Orangescrum 1.6.1 - Multiple Vulnerabilities
CVE-2008-0391 EXPLOITDB text WORKING POC
aliTalk 1.9.1.1 - Unauthenticated Arbitrary User Account Creation via lilil Parameter
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.