BorN To K!LL

6 exploits Active since Mar 2007
CVE-2007-5314 EXPLOITDB text WORKING POC
Xkiosk Web - Code Injection
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
CVE-2008-5637 EXPLOITDB text WORKING POC
ParsBlogger - SQL Injection
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
CVE-2007-5069 EXPLOITDB text WRITEUP
Massimo Chioni Mobile Entertainment Module - Path Traversal
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
CVE-2007-5674 EXPLOITDB text WORKING POC
Instaguide Weather - Path Traversal
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
CVE-2008-6991 EXPLOITDB text WORKING POC
Cmsbright - SQL Injection
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
CVE-2007-1427 EXPLOITDB text WORKING POC
Assetman < 2.4a - Path Traversal
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.