CoBRa_21

68 exploits, active since Nov 2004
CVE-2008-6316 EXPLOITDB WORKING POC
Phpmygallery - Path Traversal
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.
CVE-2004-0239 EXPLOITDB WORKING POC
Photopost Php Pro - SQL Injection
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
CVE-2011-4811 EXPLOITDB text WRITEUP
BST Bestshoppro - SQL Injection
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
CVE-2008-6317 EXPLOITDB text WORKING POC
Phpmygallery - Path Traversal
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.
CVE-2010-1300 EXPLOITDB text WORKING POC
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
EIP-2026-113320 EXPLOITDB text WORKING POC
Webistry 1.6 - 'pid' SQL Injection
EIP-2026-113321 EXPLOITDB text WORKING POC
Webit CMS - SQL Injection
CVE-2009-3064 EXPLOITDB text WORKING POC
Rein Velt Vedit - Path Traversal
Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter.
EIP-2026-112748 EXPLOITDB text WORKING POC
Toronja CMS - HTML / Cross-Site Scripting Injection
EIP-2026-112589 EXPLOITDB text WORKING POC
Telia Web Design - 'index.php' SQL Injection
EIP-2026-112553 EXPLOITDB text WORKING POC
Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection
EIP-2026-112543 EXPLOITDB text WRITEUP
TA.CMS (TeachArabia) - 'index.php?id' SQL Injection
CVE-2010-1925 EXPLOITDB text WORKING POC
Rifat Kurban Tekno.portal - SQL Injection
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.
EIP-2026-112544 EXPLOITDB text WORKING POC
TA.CMS (TeachArabia) - 'lang' Traversal Local File Inclusion
EIP-2026-112362 EXPLOITDB text WORKING POC
Spaceacre - '/index.php' SQL Injection / HTML / Cross-Site Scripting Injection
EIP-2026-112518 EXPLOITDB text WRITEUP
sX-Shop - Multiple SQL Injections
EIP-2026-112275 EXPLOITDB text WORKING POC
SnoGrafx - 'cat.php?cat' SQL Injection
CVE-2010-2926 EXPLOITDB text WORKING POC
sNews 1.7 - SQL Injection
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-6388 EXPLOITDB text WRITEUP
4u2ges Rapid Classified - Access Control
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
EIP-2026-111712 EXPLOITDB text WORKING POC
Realtor WebSite System E-Commerce - idfestival SQL Injection
EIP-2026-111840 EXPLOITDB text WORKING POC
runt-communications Design - 'property_more.php' SQL Injection
EIP-2026-111491 EXPLOITDB text WORKING POC
PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection
EIP-2026-111490 EXPLOITDB text WRITEUP
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection
CVE-2009-3188 EXPLOITDB text WORKING POC
David Frohlich Phpsane - Code Injection
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
CVE-2009-4870 EXPLOITDB text WORKING POC
Phpcityportal - SQL Injection
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.