Author List -» rgod

rgod

Name:	rgod
Email:	rgod at autistici dot org
Website:	http://retrogod.altervista.org/

Security Advisories from this author:
08 Apr 08: LinPHA "maps_type" Parameter Handling Local File Inclusion Vulner.. 27 Feb 08: RTSP MPEG4 SP Control ActiveX Control "Url" Property Remote Buffe.. 27 Feb 08: 4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property Remo.. 27 Feb 08: D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url" Property H.. 25 Jan 08: ImageShack Toolbar FileUploader Class ActiveX Control "BuildSlideShow(.. 21 Jan 08: Toshiba Surveillix RecordSend Class ActiveX Control Remote Buffer Overflow .. 18 Jan 08: RTSP MPEG4 SP Control ActiveX Control "MP4Prefix" Property Handli.. 16 Jan 08: RTS Sentry PTZCamPanelCtrl ActiveX Control Remote Buffer Overflow Vulnerabi.. 18 Dec 07: SurgeMail Webmail "Host" Header Processing Remote Denial of Servi.. 18 Dec 07: iMesh "IMWebControl" Class ActiveX Control Remote Code Execution .. 18 Dec 07: RaidenHTTPD "ulang" Parameter Handling Local File Inclusion Vulne.. 29 Oct 07: GOM Player GOM Manager ActiveX Control "OpenURL()" Method Remote .. 02 Oct 07: CyberLink PowerDVD CLSetting ActiveX Control Remote File Curroption Vulnera.. 03 Sep 07: Hexamail Server "USER" Command Handling Remote Buffer Overflow Vu.. 29 Aug 07: EasyMail Objects "SubmitToExpress()" Method Remote Buffer Overflo.. 29 Aug 07: PostCast Server EasyMail Objects "SubmitToExpress()" Method Remot.. 23 Aug 07: eCentrex VOIP Client Component ActiveX Control Remote Buffer Overflow Vulne.. 29 Jun 07: AMX VNC ActiveX Control Remote Buffer Overflow Vulnerabilities.. 21 Jun 07: PHP Tidy Extension "tidy_parse_string()" Argument Handling Local .. 04 Jun 07: Provideo ISSCCamControl Module ActiveX Control Remote Buffer Overflow Vulne.. 28 May 07: Ademco ATNBaseLoader100 Module ActiveX Control Remote Buffer Overflows Vuln.. 22 May 07: ImagN' for Windows IMW32040.OCX ActiveX Control Remote Buffer Overflow Vuln.. 18 May 07: VImpX ActiveX Control Remote Buffer Overflow Vulnerability.. 07 May 07: RunCMS "executed_queries" Parameter Handling Remote SQL Injection.. 01 May 07: TCExam Remote PHP Code Execution and Cross-Site Scripting Vulnerabilities.. 03 Apr 07: Winmail Server "sid" Parameter Handling Remote Directory Traversa.. 19 Mar 07: Php-Stats Multiple Remote SQL Injections and PHP Code Execution Vulnerabili.. 16 Mar 07: PHP Interbase Extension "isc_attach_database()" Local Buffer Over.. 12 Mar 07: PHP "snmpget()" Local Buffer Overflow Vulnerability.. 07 Mar 07: PHP MSSQL Extension NTWDBLIB.DLL "dbopen" Local Buffer Overflow V.. 01 Mar 07: vBulletin "postids" Parameter Handling Remote SQL Injection Vulne.. 06 Feb 07: Woltlab Burning Board Lite "pmid[0]" Parameter Handling Remote SQ.. 30 Jan 07: GuppY "error.php" Cookie Handling Remote Code Execution Vulnerabi.. 17 Jan 07: ThWboard "board[styleid]" Parameter Handling Remote SQL Injection.. 15 Jan 07: sNews Remote Authentication Bypass Vulnerability.. 28 Dec 06: PHP-Update Multiple Vulnerabilities.. 28 Dec 06: Cacti "cmd.php" Remote Command Execution and SQL Injection Vulner.. 20 Dec 06: PHP-Update Multiple Vulnerabilities.. 18 Dec 06: Sambar FTP Server "SIZE" Command Handling Remote Denial of Servic.. 11 Dec 06: Golden FTP "USER" Command Handling Remote Denial of Service Vulne.. 24 Nov 06: Woltlab Burning Board Lite "threadvisit" Parameter Handling Remot.. 13 Nov 06: PHPWind "AdminUser" Parameter Handling Remote SQL Injection Vulne.. 26 Oct 06: Discuz! GBK "cdb_auth" Parameter Handling Remote SQL Injection Vu.. 11 Oct 06: Flatnuke Remote File Inclusion, File Deletion and File Upload Vulnerabiliti.. 22 Sep 06: eXV2 "sort" Parameter Handling Remote SQL Injection Vulnerability.. 20 Sep 06: Exponent CMS "view" Parameter Handling Local File Inclusion Vulne.. 11 Sep 06: RaidenHTTPD "SoftParserFileXml" Parameter Handling File Inclusion.. 08 Sep 06: DokuWiki "TARGET_FN" Directory Traversal and Code Execution Vulne.. 08 Sep 06: PHP-Fusion "maincore.php" Parameter Handling Remote SQL Injection.. 04 Sep 06: TikiWiki "jhot.php" Arbitrary File Upload Vulnerability.. 18 Aug 06: CubeCart Multiple Parameter Handling Remote Cross-Site Scripting and SQL In.. 07 Aug 06: myBloggie Multiple Remote SQL Injection and Table Prefix Disclosure Vulnera.. 04 Aug 06: sendcard Multiple Parameter Handling Remote File Inclusion and Security Byp.. 02 Aug 06: XMB "u2uid" Parameter Handling Remote SQL Injection Vulnerability.. 01 Aug 06: ATutor "desc" and "asc" Parameter Handling Remote SQL I.. 27 Jul 06: Etomite "rfiles.php" File Upload Vulnerability.. 25 Jul 06: Etomite "username" Parameter Handling Remote SQL Injection Vulner.. 24 Jul 06: Loudblog "id" Parameter Handling Remote SQL Injection Vulnerabili.. 19 Jul 06: toendaCMS "connector.php" File Upload Vulnerability.. 15 Jul 06: MyBB (MyBulletinBoard) "CLIENT_IP" Parameter Handling Remote SQL .. 14 Jul 06: FlatNuke Gallery Module Arbitrary File Upload Vulnerability.. 14 Jul 06: Phorum "template" and "mode" Parameter Handling Cross-S.. 10 Jul 06: Papoo Multiple Parameter Handling Remote Cross-Site Scripting and SQL Injec.. 30 Jun 06: Geeklog "connector.php" File Upload Vulnerability.. 28 Jun 06: BLOG:CMS "id" Parameter Handling SQL Injection Vulnerability.. 27 Jun 06: Jaws Multiple Parameter Handling Cross-Site Scripting and SQL Injection Vul.. 19 Jun 06: Joomla! "title" Parameter SQL Injection Vulnerability.. 19 Jun 06: Mambo "title" Parameter SQL Injection Vulnerability.. 17 Jun 06: Bitweaver Cross-Site Scripting, SQL Injection and Attachment Vulnerability.. 12 Jun 06: blur6ex "ID" Parameter SQL Injection Vulnerability.. 05 Jun 06: DotClear "blog_dc_path" Parameter Arbitrary File Inclusion Vulner.. 05 Jun 06: Claroline "includePath" Parameter Arbitrary File Inclusion Vulner.. 05 Jun 06: LifeType "articleId" Parameter SQL Injection Vulnerability.. 01 Jun 06: pppBLOG "files[0]" Parameter Remote Information DisclosureVulnera.. 26 May 06: WordPress Arbitrary PHP Code Injection Vulnerability.. 24 May 06: Nucleus CMS "GLOBALS[DIR_LIBS]" Arbitrary File Inclusion Vulnerab.. 22 May 06: Xoops Local Arbitrary File Inclusion Vulnerabilities.. 17 May 06: PHP-Fusion "srch_where" Remote SQL Injection Vulnerability.. 17 May 06: DeluxeBB Multiple File Extensions File Upload Vulnerability.. 16 May 06: phpBB "Upload Avatar from a URL" Remote HTTP Request Vulnerabilit.. 15 May 06: Sugar Suite "sugarEntry" Remote Security Bypass and Arbitrary Fil.. 12 May 06: Unclassified NewsBoard "ABBC[Config][smileset]" Arbitrary File In.. 09 May 06: PHP-Fusion Uploading Handling and Arbitrary File Inclusion Vulnerabilities.. 04 May 06: Stadtaus Gästebuch-Script "include_files" Arbitrary File Inc.. 02 May 06: X7 Chat "help_file" Directory Traversal Vulnerability.. 21 Apr 06: PHPSurveyor "surveyid" SQL Injection and PHP Code Execution Vulne.. 20 Apr 06: PCPIN Chat Remote SQL Injection and Arbitrary File Inclusion Vulnerabilitie.. 18 Apr 06: PHP Album "data_dir" Arbitrary File Inclusion Vulnerability.. 18 Apr 06: phpGraphy "editwelcome" Authentication Bypass Vulnerability.. 17 Apr 06: Sysinfoscript sysinfo.cgi Shell Command Injection and Path Disclosure Vulne.. 17 Apr 06: phpWebSite "hub_dir" Arbitrary File Inclusion Vulnerability.. 13 Apr 06: Sphider "settings_dir" Arbitrary File Inclusion Vulnerability.. 13 Apr 06: PHP121 Instant Messenger Remote SQL Injection Vulnerability.. 12 Apr 06: Simplog Remote Cross-Site Scripting, SQL Injection, Information Disclosure .. 11 Apr 06: PHPOpenChat ADOdb Insecure Test Script Vulnerabilities.. 03 Apr 06: ReloadCMS Statistics Remote Cross-Site Scripting and Arbitrary PHP Code Exe.. 31 Mar 06: Claroline Remote Cross-Site Scripting, Information Disclosure and Arbitrary.. 29 Mar 06: NetOffice "Forgot password" Remote SQL Injection Vulnerability.. 29 Mar 06: PHPCollab "Forgot password" Remote SQL Injection Vulnerability.. 27 Mar 06: WEBalbum Arbitrary File Inclusion Vulnerability.. 23 Mar 06: XHP CMS "FileManager" Arbitrary File Upload Vulnerability.. 21 Mar 06: PHP iCalendar Arbitrary File Inclusion and Calendar Upload Vulnerabilities.. 21 Mar 06: gCards Remote Cross-Site Scripting, SQL Injection and Information Disclosur.. 20 Mar 06: Simple PHP Blog "blog_language" Arbitrary File Inclusion Vulnerab.. 09 Mar 06: Gallery "stepOrder[]" Arbitrary File Inclusion Vulnerability.. 08 Mar 06: Owl Intranet Engine "xrms_file_root" Arbitrary File Inclusion Vul.. 06 Mar 06: Php-Stats Remote SQL Injection, Information Disclosure and Arbitrary File I.. 27 Feb 06: iGENUS Webmail Arbitrary File Inclusion Vulnerability.. 27 Feb 06: 4images "template" Arbitrary File Inclusion Vulnerability.. 23 Feb 06: NOCC Remote Arbitrary File Inclusion, Cross-Site Scripting and Information .. 20 Feb 06: Admbook "X-Forwarded-For" Arbitrary PHP Code Injection Vulnerabil.. 20 Feb 06: Coppermine Photo Gallery Arbitrary File Inclusion Vulnerabilities.. 14 Feb 06: Flyspray Installation Script "adodbpath" Arbitrary File Inclusion.. 13 Feb 06: DocMGR "process.php" Arbitrary File Inclusion Vulnerability.. 13 Feb 06: LinPHA "lang" Arbitrary Local File Inclusion Vulnerability.. 10 Feb 06: Runcms File Upload and File Inclusion Vulnerabilities.. 09 Feb 06: Clever Copy "ID" Remote SQL Injection Vulnerability..

Exploits from this author:
26 Feb 08: D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5) Remote Buffer Over.. 24 Jan 08: ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC.. 21 Jan 08: Toshiba Surveillix RecordSend Class ActiveX Control Remote Buffer Overflow .. 13 Jan 08: NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) Head-Based Buffer .. 18 Dec 07: SurgeMail Webmail "Host" Header Processing Remote Denial of Service PoC.. 18 Dec 07: iMesh "IMWebControl" Class ActiveX Control Remote Code Execution PoC.. 18 Dec 07: RaidenHTTPD "ulang" Parameter Handling Local File Inclusion Command Executi.. 29 Oct 07: GOM Player GOM Manager ActiveX Control "OpenURL()" Method Remote Buffer Ove.. 23 Sep 07: EasyMail MessagePrinter Object (emprint.DLL 6.0.1.0) Remote Buffer Overflow.. 04 Sep 07: Hexamail Server "USER" Command Handling Remote Denial of Service Exploit.. 30 Aug 07: Hexamail Server 3.0.0.001 (pop3) pre-auth Remote Overflow PoC.. 28 Aug 07: Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) Remote Bu.. 21 Aug 07: eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote Buffer Overflow Explo.. 22 Jun 07: PHP 5.2.3 Tidy Extension "tidy_parse_string()" Argument Handling Local Buff.. 04 Jun 07: Provideo ISSCCamControl 1.0.1.5 Module ActiveX Control Remote Buffer Overfl.. 25 May 07: PowerTCP Zip Compression for ActiveX Remote Buffer Overflow Exploit.. 24 May 07: PowerTCP for ActiveX Suite Service Control Remote Buffer Overflow Exploit.. 23 May 07: Virtual CD 9.0.0.2 (vc9api.DLL) Remote Arbitrary Command Execution Exploit.. 23 May 07: ImagN' for Windows IMW32040.OCX ActiveX Control Remote Buffer Overflow Expl.. 14 May 07: VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote Buffer Overflow Exploit.. 09 May 07: GDivX Zenith Player AviFixer Class (fix.dll 1.0.0.1) Buffer Overflow PoC.. 01 May 07: TCExam <= 4.0.011 "SessionUserLang" Parameter Handling Remote Shell Injecti.. 15 Apr 07: XAMPP for Windows <= 1.6.0a "mssql_connect()" Remote Buffer Overflow Exploi.. 16 Mar 07: PHP <= 4.4.6 Interbase Extension "isc_attach_database()" Buffer Overflow Ex.. 07 Mar 07: PHP MSSQL Extension NTWDBLIB.DLL "dbopen" Local Buffer Overflow PoC.. 10 Jan 07: Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit.. 30 Dec 06: Durian Web Application Server 3.02 Remote Buffer Overflow Exploit.. 28 Dec 06: PHP-Update <= 2.7 Multiple Remote Vulnerabilities Exploit.. 11 Dec 06: Golden FTP Server 1.92 "USER" and "PASS" Handling Remote Heap Overflow PoC.. 09 Dec 06: Filezilla FTP Server 0.9.20b/0.9.21 (STOR) Denial of Service Exploit.. 28 Nov 06: Discuz! 4.x SQL Injection and Admin Credentials Disclosure Exploit.. 07 Aug 06: myBloggie <= 2.1.4 (trackback.php) Multiple SQL Injection Exploit.. 25 Jul 06: Etomite CMS <= 0.6.1 "username" Parameter Handing Remote SQL Injection Expl.. 24 Jul 06: X7 Chat <= 2.0.4 "old_prefix" Parameter Remote Blind SQL Injection Exploit.. 15 Jul 06: MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit.. 13 Jul 06: Phorum 5 (pm.php) Arbitrary Local File Inclusion Exploit.. 08 Jul 06: Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit.. 08 Jul 06: Papoo <= 3_RC3 SQL Injection/Admin Credentials Disclosure Exploit.. 30 Jun 06: GeekLog <= 1.4.0sr3 fckeditor Remote Code Execution Exploit.. 28 Jun 06: BLOG:CMS (id) Remote SQL Injection Exploit.. 23 Jun 06: Jaws <= 0.6.2 (Search gadget) Remote SQL Injection Exploit.. 22 Jun 06: Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2).. 19 Jun 06: Joomla! "title" Parameter SQL Injection Vulnerability.. 16 Jun 06: bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit.. 12 Jun 06: blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit.. 05 Jun 06: Claroline <= 1.7.6 (includePath) Remote Code Execution Exploit.. 04 Jun 06: Pixelpost <= 1-5rc1-2 Remote SQL Injection Exploit.. 04 Jun 06: DotClear <= 1.2.4 (prepend.php) Arbitrary File Inclusion Exploit.. 04 Jun 06: LifeType <= 1.0.4 SQL Injection / Admin Credentials Disclosure Exploit.. 31 May 06: pppBlog <= 0.3.8 (randompic.php) System Disclosure Exploit.. 26 May 06: WordPress <= 2.0.2 "cache" Shell Injection Exploit.. 24 May 06: Drupal <= 4.7 (attachment mod_mime) Remote Exploit.. 23 May 06: Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary File Inclusion Exploit.. 22 May 06: Xoops <= 2.0.13.2 xoopsOption[nocommon] Remote File Inclusion Exploit.. 16 May 06: PHP-Fusion <= 6.00.306 (srch_where) SQL Injection Exploit.. 15 May 06: Sugar Suite Open Source <= 4.2 (OptimisticLock) Remote Exploit.. 14 May 06: phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit.. 11 May 06: Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary File Inclusion Exploit.. 07 May 06: PHP-Fusion <= 6.00.306 Multiple Vulnerabilities Exploit.. 04 May 06: Stadtaus Gästebuch-Script Arbitrary File Inclusion Exploit.. 02 May 06: X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit.. 20 Apr 06: PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit.. 19 Apr 06: PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit.. 16 Apr 06: PHP Album <= 0.3.2.3 Remote Command Execution Exploit.. 14 Apr 06: phpWebSite <= 0.10.2 (hub_dir) Remote Command Execution Exploit.. 14 Apr 06: Sysinfoscript 1.21 (sysinfo.cgi) Remote Command Execution Exploit.. 13 Apr 06: PHP121 Instant Messenger <= 1.4 Remote Code Execution Exploit.. 13 Apr 06: Sphider <= 1.3 (configset.php) Arbitrary Remote Inclusion Exploit.. 12 Apr 06: Simplog <= 0.9.2 (s) Remote Command Execution Exploit.. 10 Apr 06: PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit.. 09 Apr 06: ADOdb < 4.70 (tmssql.php) Denial of Service Vulnerability.. 09 Apr 06: PHPOpenChat 3.0.x (ADOdb) Insecure Test Script SQL Injection Exploit.. 06 Apr 06: phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit.. 05 Apr 06: phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit.. 03 Apr 06: ReloadCMS Statistics Arbitrary PHP Code Execution Exploit.. 31 Mar 06: Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit.. 28 Mar 06: PHPCollab 2.x / NetOffice 2.x (sendpassword.php) SQL Injection Exploit.. 26 Mar 06: WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit.. 20 Mar 06: gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit.. 15 Mar 06: php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit.. 15 Mar 06: php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit.. 13 Mar 06: Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit.. 11 Mar 06: GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit.. 08 Mar 06: Gallery <= 2.0.3 stepOrder[] Remote Commands Execution Exploit.. 07 Mar 06: OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit.. 04 Mar 06: PHP-Stats <= 0.1.9.1 "modify_config" Remote Command Execution Exploit.. 26 Feb 06: 4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit.. 25 Feb 06: iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit.. 23 Feb 06: NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit.. 21 Feb 06: Geeklog 1.* (error.log) Remote Commands Execution Exploit (gpc = Off).. 20 Feb 06: Coppermine Photo Gallery (docs/showdocs.php) Arbitrary File Inclusion Explo.. 19 Feb 06: Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit.. 16 Feb 06: PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit.. 13 Feb 06: EnterpriseGS <= 1.0 rc4 Remote Commands Execution Exploit.. 13 Feb 06: FlySpray 0.9.7 (install-0.9.7.php) Remote Commands Execution Exploit.. 13 Feb 06: DocMGR <= 0.54.2 "process.php" Arbitrary File Inclusion Exploit.. 09 Feb 06: FCKEditor 2.0 <= 2.2 (connector.php) Remote Shell Upload Exploit.. 09 Feb 06: RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit.. 08 Feb 06: SPIP <= 1.8.2-g "spip_log" and "include_local" Remote Code Execution Exploi.. 04 Feb 06: Clever Copy <= 3.0 Admin Auth Details and Remote SQL Injection Exploit.. 04 Feb 06: LoudBlog <= 0.4 (path) Arbitrary Remote Inclusion Exploit..