CWH Underground

145 exploits Active since Jun 2006
CVE-2008-6911 EXPLOITDB perl WORKING POC
BrewBlogger 2.1.0.1 - SQL Injection via loginUsername Parameter
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6431 EXPLOITDB text WRITEUP
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
CVE-2008-6431 EXPLOITDB text WRITEUP
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
CVE-2008-6431 EXPLOITDB text WRITEUP
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
EIP-2026-105542 EXPLOITDB php WORKING POC
BloofoxCMS - 'index.php' Arbitrary File Upload
CVE-2008-2987 EXPLOITDB text WRITEUP
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
CVE-2008-2987 EXPLOITDB text WRITEUP
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
CVE-2008-2987 EXPLOITDB text WRITEUP
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
EIP-2026-105406 EXPLOITDB text WRITEUP
Basic-CMS - Blind SQL Injection
CVE-2008-6513 EXPLOITDB text WORKING POC
Aphpkb - Code Injection
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
CVE-2008-3133 EXPLOITDB perl WORKING POC
BareNuked CMS 1.1.0 - SQL Injection
SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-3200 EXPLOITDB text WORKING POC
avlc_forum - SQL Injection via id Parameter in affich_message Action
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
CVE-2006-3151 EXPLOITDB text WRITEUP
AssoCIateD <= 1.2.0 - Cross-Site Scripting via Menu Parameter
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
CVE-2008-2398 EXPLOITDB text WORKING POC
AppServ < 2.5.10 - Cross-Site Scripting via appservlang Parameter
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
CVE-2008-6665 EXPLOITDB text WORKING POC
Ananta CMS 1.0b5 - Remote Code Execution via Email Parameter
change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.
CVE-2008-4713 EXPLOITDB text WORKING POC
212cafe Board 0.07 - SQL Injection via qID Parameter
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.
CVE-2008-2561 EXPLOITDB text WORKING POC
427BB 2.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php.
EIP-2026-100527 EXPLOITDB text WORKING POC
rgb72 WCMS 1.0 - 'index.php' SQL Injection
CVE-2008-6872 EXPLOITDB text WRITEUP
ASPThai.NET ASPThai Forums 8.5 - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
CVE-2008-6382 EXPLOITDB text WRITEUP
Aspportal - Access Control
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.