CWH Underground

145 exploits, active since Jun 2006
CVE-2008-2694 EXPLOITDB text WORKING POC
Phpinv - XSS
Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-2677 EXPLOITDB text WORKING POC
Telephone Directory 2008 - XSS
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2008-2647 EXPLOITDB text WORKING POC
Mebiblio - SQL Injection
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
CVE-2008-2646 EXPLOITDB text WORKING POC
Mebiblio - XSS
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
CVE-2008-2644 EXPLOITDB text WORKING POC
Smeweb - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
EIP-2026-118124 EXPLOITDB perl WORKING POC
WINMOD 1.4 - '.lst' Local Stack Overflow
EIP-2026-113453 EXPLOITDB php WORKING POC
Wolf CMS 0.8.2 - Arbitrary File Upload
CVE-2008-2907 EXPLOITDB perl WORKING POC
Webchamado - SQL Injection
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
CVE-2008-2875 EXPLOITDB text WORKING POC
Webdevindo-cms - SQL Injection
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
EIP-2026-113302 EXPLOITDB php WORKING POC
WeBid 1.1.1 - Unrestricted Arbitrary File Upload
CVE-2008-3178 EXPLOITDB text WORKING POC
WebXell Editor 0.1.3 - RCE
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
CVE-2008-5956 EXPLOITDB text WORKING POC
Wbstreet 1.0 - Info Disclosure
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
EIP-2026-113196 EXPLOITDB text WORKING POC
WCMS 1.0b - 'news_detail.asp' SQL Injection
CVE-2008-3027 EXPLOITDB text WORKING POC
Vangogh Web Cms - SQL Injection
SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.
EIP-2026-113197 EXPLOITDB python WORKING POC
WCMS 1.0b - Arbitrary Add Admin
CVE-2008-5163 EXPLOITDB text WORKING POC
The Rat CMS Pre-Alpha 2 - SQL Injection
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
CVE-2008-6735 EXPLOITDB text WORKING POC
Thaiquickcart - Path Traversal
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
CVE-2008-5164 EXPLOITDB text WRITEUP
The Rat CMS Pre-Alpha 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
CVE-2008-5265 EXPLOITDB text WORKING POC
TNT Forum 0.9.4 - Path Traversal
Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.
CVE-2008-5639 EXPLOITDB text WORKING POC
TxtBlog 1.0 Alpha - Path Traversal
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
CVE-2008-4666 EXPLOITDB text WORKING POC
Deeserver Ultimate Webboard - SQL Injection
SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter.
CVE-2008-2839 EXPLOITDB text WORKING POC
Traindepot - XSS
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
CVE-2008-2678 EXPLOITDB text WORKING POC
Telephone Directory 2008 - SQL Injection
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.