Bl0od3r

10 exploits, active since Nov 2006
CVE-2006-6910 EXPLOITDB perl WORKING POC
Fersch Formbankserver - Denial of Service
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
CVE-2007-0055 EXPLOITDB perl WORKING POC
Fersch Formbankserver - Path Traversal
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0138 EXPLOITDB perl WORKING POC
Fersch Formbankserver - Denial of Service
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1524 EXPLOITDB perl WORKING POC
Zomplog - Path Traversal
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
CVE-2007-1026 EXPLOITDB text WRITEUP
XLAtunes <0.1 - SQL Injection
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
CVE-2006-5802 EXPLOITDB perl WORKING POC
The Web Drivers Simple Forum - SQL Injection
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111904 EXPLOITDB text WORKING POC
SaveWebPortal 3.4 - 'page' Remote File Inclusion
CVE-2006-5788 EXPLOITDB text WORKING POC
IPrimal Forums - Code Injection
PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter.
CVE-2006-5787 EXPLOITDB perl WORKING POC
IPrimal Forums <20061105 - Auth Bypass
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
CVE-2006-6542 EXPLOITDB perl WORKING POC
Fantastic News <2.1.4 - SQL Injection
SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.