BackDoor

6 exploits Active since Jan 2008
CVE-2008-6798 EXPLOITDB text WORKING POC
Pre Projects Pre Real Estate Listings - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
CVE-2008-6086 EXPLOITDB text WORKING POC
Camera Life 2.6.2b4 - SQL Injection
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
CVE-2008-0187 EXPLOITDB text WORKING POC
SAM Broadcaster samPHPweb - SQL Injection via songid Parameter
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.
CVE-2008-7052 EXPLOITDB text WORKING POC
Pre Real Estate Listings - Authenticated Arbitrary File Upload via Profile Logo
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
CVE-2008-6087 EXPLOITDB text WORKING POC
Camera Life 2.6.2b4 - Cross-Site Scripting via Topic Name Parameter
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2009-0531 EXPLOITDB text WORKING POC
A Better Member-Based ASP Photo Gallery <1.2 - SQL Injection
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.