BHG Security Center

12 exploits, active since Dec 2011
CVE-2011-4806 EXPLOITDB text WRITEUP
phpAlbum < 0.4.1.16 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
EIP-2026-112310 EXPLOITDB text WORKING POC
Soco CMS - Local File Inclusion
CVE-2011-4807 EXPLOITDB text WRITEUP
phpAlbum < 0.4.1.16 - Path Traversal
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
EIP-2026-109326 EXPLOITDB text WORKING POC
Marinet CMS - 'room.php' Blind SQL Injection
EIP-2026-108537 EXPLOITDB text WRITEUP
Joomla! Component com_sgicatalog 1.0 - 'id' SQL Injection
EIP-2026-108342 EXPLOITDB text WRITEUP
Joomla! Component com_expedition - 'id' SQL Injection
CVE-2012-1018 EXPLOITDB text WRITEUP
Joomla mod_currencyconverter 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
CVE-2012-5292 EXPLOITDB text WORKING POC
Atar2b CMS 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
CVE-2012-5292 EXPLOITDB text WRITEUP
Atar2b CMS 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
CVE-2012-5292 EXPLOITDB text WORKING POC
Atar2b CMS 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
EIP-2026-104852 EXPLOITDB text WORKING POC
4PSA CMS - SQL Injection
EIP-2026-100245 EXPLOITDB text WRITEUP
DIGIT CMS 1.0.7 - Cross-Site Scripting / SQL Injection