Bl0od3r

10 exploits Active since Nov 2006
CVE-2006-6910 EXPLOITDB perl WORKING POC
Fersch Formbankserver 1.9 - Denial of Service via Name Parameter Path Traversal
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
CVE-2007-0055 EXPLOITDB perl WORKING POC
Formbankserver 1.9 - Directory Traversal via Name Parameter
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0138 EXPLOITDB perl WORKING POC
Fersch Formbankserver 1.9 - Denial of Service via Name Parameter Path Traversal
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1524 EXPLOITDB perl WORKING POC
ZomPlog 3.7.6 - Directory Traversal via settings[skin] Parameter
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
CVE-2007-1026 EXPLOITDB text WRITEUP
XLAtunes < 0.1 - SQL Injection via view.php album Parameter
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
CVE-2006-5802 EXPLOITDB perl WORKING POC
The Web Drivers Simple Forum - SQL Injection via message_details.php id Parameter
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111904 EXPLOITDB text WORKING POC
SaveWebPortal 3.4 - 'page' Remote File Inclusion
CVE-2006-5788 EXPLOITDB text WORKING POC
IPrimal Forums - Remote Code Execution via p Parameter File Inclusion
PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter.
CVE-2006-5787 EXPLOITDB perl WORKING POC
IPrimal Forums <20061105 - Auth Bypass
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
CVE-2006-6542 EXPLOITDB perl WORKING POC
Fantastic News <2.1.4 - SQL Injection
SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.