CWH Underground

145 exploits Active since Jun 2006
CVE-2008-6788 EXPLOITDB perl WORKING POC
MindDezign Photo Gallery 2.2 - SQL Injection via id Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
CVE-2008-6311 EXPLOITDB WORKING POC
Butterfly Organizer 2.0.1 - SQL Injection via mytable Parameter
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
CVE-2013-10055 EXPLOITDB CRITICAL text WORKING POC
Havalite CMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
CVE-2013-10054 EXPLOITDB CRITICAL text WORKING POC
LibrettoCMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
CVE-2008-6789 EXPLOITDB perl WORKING POC
MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
CVE-2008-6788 EXPLOITDB text WORKING POC
MindDezign Photo Gallery 2.2 - SQL Injection via id Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
CVE-2008-5201 EXPLOITDB text WORKING POC
OTManager CMS 24a - Remote File Inclusion via Conteudo Parameter
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-3180 EXPLOITDB text WORKING POC
ContentNow CMS 1.4.1 - Cross-Site Scripting via pageid Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
CVE-2008-5271 EXPLOITDB text WORKING POC
SyndeoCMS 2.6.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2008-4332 EXPLOITDB text WRITEUP
PHP infoBoard V.7 Plus - SQL Injection via idcat Parameter
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
CVE-2008-3505 EXPLOITDB text WORKING POC
polypager < 1.0 - Cross-Site Scripting via nr Parameter
Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
CVE-2008-2855 EXPLOITDB text WORKING POC
OwnRS Beta 3 - Cross-Site Scripting via Clanek.php ID Parameter
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-2838 EXPLOITDB text WORKING POC
traindepot 0.1 - Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
CVE-2008-2813 EXPLOITDB text WORKING POC
WallCity-Server Shoutcast Admin Panel 2.0 - Remote File Inclusion via Page Parameter
Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-2566 EXPLOITDB text WORKING POC
php-address_book < 3.1.5 - Cross-Site Scripting via Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
CVE-2008-2565 EXPLOITDB text WORKING POC
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
CVE-2008-2560 EXPLOITDB text WORKING POC
427BB 2.3.1 - SQL Injection via showpost.php post Parameter
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2008-6328 EXPLOITDB text WORKING POC
Butterfly Organizer 2.0.0 and 2.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5955 EXPLOITDB text WORKING POC
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5952 EXPLOITDB text WORKING POC
KTP Computer Customer Database - Authenticated SQL Injection via tid Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
CVE-2008-2997 EXPLOITDB text WORKING POC
Gravity Board X 2.0 Beta - Cross-Site Scripting via Subject Parameter
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
CVE-2008-2996 EXPLOITDB text WORKING POC
Gravity Board X 2.0 Beta - SQL Injection via searchquery or board_id Parameter
Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action.
CVE-2008-2965 EXPLOITDB text WORKING POC
JaxUltraBB < 2.0 - Cross-Site Scripting via Forum Parameter
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
CVE-2008-2963 EXPLOITDB text WORKING POC
MyBlog - SQL Injection via View Parameter or ID Parameter
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
CVE-2008-2962 EXPLOITDB text WORKING POC
MyBlog - Cross-Site Scripting via s, sort, or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.