waraxe

59 exploits Active since Apr 2004
CVE-2012-1613 EXPLOITDB text WRITEUP
Coppermine Photo Gallery < 1.5.20 - Authenticated Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
CVE-2009-2160 EXPLOITDB text WRITEUP
TorrentTrader Classic 1.09 - Info Disclosure
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.
CVE-2009-2159 EXPLOITDB text WRITEUP
TorrentTrader Classic 1.09 - Info Disclosure
backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.
CVE-2009-2158 EXPLOITDB HIGH text WRITEUP
TorrentTrader Classic 1.09 - Info Disclosure
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
CVSS 7.5
CVE-2009-2157 EXPLOITDB text WRITEUP
TorrentTrader Classic 1.09 - SQL Injection
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php.
CVE-2009-2156 EXPLOITDB text WRITEUP
TorrentTrader Classic 1.09 - Authenticated Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php.
CVE-2009-0677 EXPLOITDB text WRITEUP
RavenNuke 2.30 - Authenticated Remote Code Execution via Your Account Module Avatarlist preg_replace
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
CVE-2009-0674 EXPLOITDB text WRITEUP
RavenNuke 2.30 - Path Disclosure via aFonts Array Parameter
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
CVE-2009-0673 EXPLOITDB text WRITEUP
RavenNuke 2.30 - Authenticated PHP Code Injection via Your Account Custom Fields
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
CVE-2009-0672 EXPLOITDB text WRITEUP
RavenNuke 2.30 - Authenticated SQL Injection via Resend_Email Module user_prefix Parameter
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
CVE-2008-0506 EXPLOITDB text WORKING POC
Coppermine Photo Gallery < 1.4.14 - Remote Code Execution via ImageMagick Picture Processing Parameters
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
CVE-2009-1064 EXPLOITDB text WORKING POC
Orbit Downloader <= 2.8.7 - Arbitrary File Write via ActiveX Control Argument Injection
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
EIP-2026-118344 EXPLOITDB text WORKING POC
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
EIP-2026-118616 EXPLOITDB html WORKING POC
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection
EIP-2026-114611 EXPLOITDB text WRITEUP
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
EIP-2026-114151 EXPLOITDB text WORKING POC
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-114084 EXPLOITDB text WRITEUP
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
EIP-2026-114067 EXPLOITDB text WORKING POC
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-114070 EXPLOITDB text WRITEUP
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
EIP-2026-114083 EXPLOITDB text WRITEUP
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
CVE-2007-2821 EXPLOITDB php WORKING POC
WordPress < 2.2 - SQL Injection via Cookie Parameter
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-5710 EXPLOITDB text WRITEUP
WordPress 2.3 - Cross-Site Scripting via posts_columns Array Parameter
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
EIP-2026-113769 EXPLOITDB text WORKING POC
WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities
EIP-2026-113117 EXPLOITDB ruby WORKING POC
VirtueMart 1.1.2 - SQL Injection (Metasploit)
EIP-2026-113116 EXPLOITDB text WRITEUP
virtuemart 1.1.2 - Multiple Vulnerabilities