Bulan

5 exploits Active since May 2007
CVE-2007-2543 EXPLOITDB text WORKING POC
Flashgames 1.0.1 - SQL Injection via lid Parameter
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-2571 EXPLOITDB text WORKING POC
wfquotes_module < 1.0.0 - SQL Injection via index.php c Parameter
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
EIP-2026-113398 EXPLOITDB text WORKING POC
WF-Quote 1.0 Xoops Module - 'index.php' SQL Injection
CVE-2007-3522 EXPLOITDB text WRITEUP
sPHPell 1.01 - Remote File Inclusion via SpellIncPath Parameter
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
CVE-2007-2792 EXPLOITDB text WRITEUP
Yet another Newsletter Component (YaNC) < 1.5 beta 3 - SQL Injection via listid Parameter
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.