Cr@zy_King

30 exploits, active since Jul 2005
CVE-2008-3087 EXPLOITDB text WORKING POC
Kasseler-cms Kasseler Cms - Path Traversal
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
CVE-2008-2094 EXPLOITDB python WORKING POC
Xoops Article Module - SQL Injection
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2355 EXPLOITDB text WORKING POC
Wr-script Wr-meeting - Path Traversal
Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event.
CVE-2008-2836 EXPLOITDB text WORKING POC
K5N Webcalendar - Code Injection
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
CVE-2008-1876 EXPLOITDB text WORKING POC
VisualPic 0.3.1 - RCE
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
CVE-2008-3414 EXPLOITDB text WORKING POC
SiteAdmin line2.php - SQL Injection
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
EIP-2026-111655 EXPLOITDB text WORKING POC
qwicsite pro - SQL Injection / Cross-Site Scripting
CVE-2008-3346 EXPLOITDB text WORKING POC
ShopCart DX - SQL Injection
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-1462 EXPLOITDB text WRITEUP
RunCMS Section Module - SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2008-2084 EXPLOITDB text WORKING POC
Myarticles - SQL Injection
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
CVE-2008-2673 EXPLOITDB text WORKING POC
Powie Pnews - SQL Injection
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
CVE-2008-1164 EXPLOITDB text WORKING POC
phpComasy 0.8 - SQL Injection
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.
CVE-2008-1847 EXPLOITDB text WORKING POC
CoronaMatrix phpAddressBook <2.11 - SQL Injection
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6812 EXPLOITDB text WRITEUP
myPHPCalendar 10.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
CVE-2005-2157 EXPLOITDB text WORKING POC
Nabopoll 1.2 - RCE
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
CVE-2008-1635 EXPLOITDB text WRITEUP
Keep It Simple Guest Book <5.1.1 - Path Traversal
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
CVE-2008-3088 EXPLOITDB text WORKING POC
Kasseler-cms Kasseler Cms - XSS
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
CVE-2008-0743 EXPLOITDB text WORKING POC
Joovili < 2.1 - Code Injection
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
CVE-2008-1540 EXPLOITDB text WORKING POC
Joomla! & Mambo com_datsogallery 1.3.1 - SQL Injection
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-108133 EXPLOITDB text WORKING POC
Joomla! / Mambo Component Artists - 'idgalery' SQL Injection
CVE-2008-4668 EXPLOITDB text WRITEUP
Joomla Com Imagebrowser - Path Traversal
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
EIP-2026-108213 EXPLOITDB text WORKING POC
Joomla! Component Artist - 'idgalery' SQL Injection
CVE-2008-2447 EXPLOITDB text WORKING POC
Mytipper Zogo Shop - SQL Injection
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1122 EXPLOITDB text WRITEUP
Koobi Pro <5.7 - SQL Injection
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
CVE-2007-4937 EXPLOITDB text WRITEUP
Comscripts CS Guestbook - Access Control
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.