virangar security team

31 exploits Active since Jan 2008
CVE-2008-2858 EXPLOITDB WORKING POC
WebChamado 1.1 - SQL Injection via eml Parameter
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2115 EXPLOITDB text WORKING POC
ScriptsEZ.net Power Editor 2.0 - Cross-Site Scripting via te and dir Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
CVE-2008-0185 EXPLOITDB text WORKING POC
NetRisk 1.9.7 - SQL Injection via PID Parameter
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
CVE-2008-2906 EXPLOITDB text WORKING POC
WebChamado 1.1 - SQL Injection via tsk_id Parameter
SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.
EIP-2026-113074 EXPLOITDB text WORKING POC
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
CVE-2008-4592 EXPLOITDB text WORKING POC
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
CVE-2008-6664 EXPLOITDB text WORKING POC
SH-News 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
EIP-2026-111242 EXPLOITDB text WORKING POC
PHPwebnews 0.2 MySQL Edition - 'SQL' Insecure Cookie Handling
CVE-2008-3598 EXPLOITDB text WORKING POC
psipuss 1.0 - SQL Injection via Cid Parameter or Username Parameter
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
CVE-2009-0705 EXPLOITDB text WORKING POC
PowerScripts PowerNews <2.5.4 - SQL Injection
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2009-0707 EXPLOITDB text WORKING POC
PowerClan 1.14a - SQL Injection via Login Email Parameter
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
CVE-2008-2116 EXPLOITDB text WORKING POC
ScriptsEZ.net Power Editor 2.0 - Path Traversal via te and dir Parameters
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
CVE-2008-3602 EXPLOITDB text WORKING POC
uPHP_ring_website 0.9.1 - Auth Bypass
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2008-7179 EXPLOITDB text WORKING POC
OTManager CMS 2.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2008-0186 EXPLOITDB text WORKING POC
NetRisk < 1.9.7 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
CVE-2008-2301 EXPLOITDB text WORKING POC
Kostenloses Linkmanagementscript - SQL Injection via id Parameter
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.
CVE-2009-1026 EXPLOITDB text WORKING POC
Kim Websites 1.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-1726 EXPLOITDB text WORKING POC
KnowledgeQuest 2.6 - SQL Injection via kqid or username Parameter
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
CVE-2008-6300 EXPLOITDB text WORKING POC
Galatolo WebManager 1.3a - Unauthenticated Authentication Bypass via Cookie Manipulation
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106755 EXPLOITDB text WORKING POC
eCMS 0.4.2 - SQL Injection / Security Bypass
CVE-2008-3292 EXPLOITDB text WORKING POC
EZWebAlbum 1.0 - Unauthenticated Authentication Bypass via photoalbumadmin Cookie
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
CVE-2008-2135 EXPLOITDB text WORKING POC
VisualShapers ezContents 2.0.0 - SQL Injection via contentname or article Parameter
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.
CVE-2008-5820 EXPLOITDB text WORKING POC
eDreamers eDNews 2 - SQL Injection via newsid Parameter
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-6438 EXPLOITDB text WRITEUP
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVE-2008-6438 EXPLOITDB perl WORKING POC
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.