BorN To K!LL

6 exploits Active since Mar 2007
CVE-2007-5314 EXPLOITDB text WORKING POC
xkiosk_web 3.0.1i - Remote Code Execution via PEARPATH Parameter
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
CVE-2008-5637 EXPLOITDB text WORKING POC
ParsBlogger - SQL Injection via blog.asp wr Parameter
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
CVE-2007-5069 EXPLOITDB text WRITEUP
Nuke Mobile Entertainment 1 - Remote File Inclusion via module_name Parameter
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
CVE-2007-5674 EXPLOITDB text WORKING POC
InstaGuide Weather 1.0 - Path Traversal via PageName Parameter
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
CVE-2008-6991 EXPLOITDB text WORKING POC
cmsbright - SQL Injection via id_rub_page Parameter
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
CVE-2007-1427 EXPLOITDB text WORKING POC
AssetMan < 2.4a - Unauthenticated Directory Traversal via PDF File Parameter
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.