CWH Underground

145 exploits Active since Jun 2006
CVE-2008-2046 EXPLOITDB text WORKING POC
Softpedia SiteXS CMS 0.1.1 Pre-Alpha - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2008-5272 EXPLOITDB text WORKING POC
SyndeoCMS 2.6.0 - Authenticated Path Traversal via Template Parameter
Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.
CVE-2008-2458 EXPLOITDB text WORKING POC
Starsgames Control Panel < 4.6.2 - Cross-Site Scripting via st Parameter
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2008-2652 EXPLOITDB text WORKING POC
SMEWeb 1.4b and 1.4f - SQL Injection via idp and category Parameters
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
CVE-2008-3026 EXPLOITDB text WORKING POC
OneClick CMS 2008-01-24 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3034 EXPLOITDB text WRITEUP
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
CVE-2008-2814 EXPLOITDB text WORKING POC
WallCity-Server Shoutcast Admin Panel 2.0 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2870 EXPLOITDB text WORKING POC
ShareCMS 0.1 Beta - SQL Injection via eventID or userID Parameter
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.
CVE-2008-3033 EXPLOITDB text WRITEUP
RSS-aggregator 1.0 - Unauthenticated Admin Function Access via admin/fonctions/ Directory
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
CVE-2008-3034 EXPLOITDB text WRITEUP
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
CVE-2008-4245 EXPLOITDB text WRITEUP
Rianxosencabos CMS 0.9 - Authenticated Privilege Escalation and User Deletion via Admin Control Panel
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
CVE-2008-6435 EXPLOITDB text WRITEUP
phpSQLiteCMS 1 RC2 - Cross-Site Scripting via Multiple Language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.
CVE-2008-5069 EXPLOITDB text WORKING POC
Panuwat PromoteWeb MySQL - SQL Injection via go.php id Parameter
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3506 EXPLOITDB text WORKING POC
polypager < 1.0 - SQL Injection via nr Parameter
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.
EIP-2026-111386 EXPLOITDB text WRITEUP
PodHawk 1.85 - Arbitrary File Upload
CVE-2008-5955 EXPLOITDB text WORKING POC
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6435 EXPLOITDB text WRITEUP
phpSQLiteCMS 1 RC2 - Cross-Site Scripting via Multiple Language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.
EIP-2026-111217 EXPLOITDB text WORKING POC
PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution
EIP-2026-110910 EXPLOITDB text WORKING POC
PHP4dvd - 'config.php' PHP Code Injection
CVE-2008-2695 EXPLOITDB text WORKING POC
phpinv 0.8.0 - Remote File Inclusion via Action Parameter Path Traversal
Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2015-2237 EXPLOITDB text WORKING POC
Betster 1.0.4 - SQL Injection via id or username Parameter
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
CVE-2008-7167 EXPLOITDB text WRITEUP
Page Manager 2006-02-04 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2008-2897 EXPLOITDB text WORKING POC
PageSquid CMS 0.3 Beta - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.
EIP-2026-110637 EXPLOITDB text WORKING POC
PHP Address Book 3.1.5 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
CVE-2008-4333 EXPLOITDB text WRITEUP
PHP infoBoard V.7 Plus - Cross-Site Scripting via isname Parameter
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.