CrAzY CrAcKeR

16 exploits, active since Apr 2006
CVE-2006-3254 EXPLOITDB text WRITEUP
Woltlab Burning Board 2.0 RC2 - SQL Injection
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
EIP-2026-113463 EXPLOITDB text WRITEUP
Woltlab Burning Board 2.x - Multiple SQL Injections
CVE-2006-3255 EXPLOITDB text WRITEUP
Woltlab Burning Board 1.2 - SQL Injection
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
CVE-2006-3256 EXPLOITDB text WRITEUP
Woltlab Burning Board <2.3.1 - SQL Injection
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2006-3474 EXPLOITDB text WRITEUP
Belchior Foundry vCard PRO - SQL Injection
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
EIP-2026-113032 EXPLOITDB text WRITEUP
VBZoom 1.0/1.1 - Multiple SQL Injections
CVE-2006-3474 EXPLOITDB text WRITEUP
Belchior Foundry vCard PRO - SQL Injection
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
CVE-2006-3474 EXPLOITDB text WRITEUP
Belchior Foundry vCard PRO - SQL Injection
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
CVE-2006-3474 EXPLOITDB text WRITEUP
Belchior Foundry vCard PRO - SQL Injection
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
CVE-2006-2037 EXPLOITDB text WRITEUP
Thwboard - XSS
Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.
CVE-2006-3161 EXPLOITDB text WRITEUP
SaphpLesson <1.1 - SQL Injection
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
CVE-2008-2110 EXPLOITDB text WRITEUP
Qtofilemanager - Improper Input Validation
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
CVE-2006-3543 EXPLOITDB text WRITEUP
Invision Power Board <2.x - SQL Injection
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB.
CVE-2006-3363 EXPLOITDB text WRITEUP
Xoops Glossaire <1.7 - RCE
PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.
EIP-2026-106185 EXPLOITDB text WORKING POC
Cour Supreme - SQL Injection
CVE-2006-2973 EXPLOITDB text WRITEUP
PHP Lite Calendar Express 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.