0xFFFFFF

6 exploits Active since Oct 2008
CVE-2008-4604 EXPLOITDB text WORKING POC
Easy CafeEngine 1.1 - SQL Injection via itemid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2008-4757 EXPLOITDB text WRITEUP
php-daily - SQL Injection via id or prev Parameter
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
CVE-2008-4756 EXPLOITDB text WRITEUP
PHP-Daily - Cross-Site Scripting via Date Parameter
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
CVE-2017-16524 EXPLOITDB HIGH ruby WORKING POC
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
CVSS 8.8
CVE-2008-4758 EXPLOITDB text WRITEUP
php-daily - Path Traversal via Download File Parameter
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
CVE-2008-4605 EXPLOITDB text WORKING POC
easycafeengine - SQL Injection via id Parameter
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.