CraCkEr

101 exploits Active since Mar 2007
EIP-2026-111629 EXPLOITDB text WRITEUP
Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting
CVE-2008-4674 EXPLOITDB text WORKING POC
Conkurent Real Estate Manager 1.01 - SQL Injection via cat_id Parameter
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.
CVE-2008-1043 EXPLOITDB text WORKING POC
Linux Web Shop php User Base 1.3 BETA - Remote Code Execution via Menu Parameter
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
CVE-2008-5204 EXPLOITDB text WORKING POC
PowerAward 1.1.0 RC1 - Path Traversal
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
CVE-2008-3445 EXPLOITDB text WORKING POC
phpMyRealty 2.0.0 - SQL Injection via Location Parameter
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
CVE-2023-4116 EXPLOITDB MEDIUM text WRITEUP
PHPJabbers Taxi Booking 2.0 - Cross-Site Scripting via Index Parameter
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-4112 EXPLOITDB MEDIUM text WORKING POC
PHPJabbers Shuttle Booking Software 1.0 - Cross-Site Scripting in /index.php
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-4113 EXPLOITDB MEDIUM text WORKING POC
PHPJabbers Service Booking Script 1.0 - Cross-Site Scripting via Index Parameter
A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-4117 EXPLOITDB MEDIUM text WRITEUP
PHP Jabbers Rental Property Booking 2.0 - Cross-Site Scripting via Index Parameter
A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-4114 EXPLOITDB MEDIUM text WORKING POC
PHPJabbers Night Club Booking Software 1.0 - Cross-Site Scripting via Index Parameter
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-4115 EXPLOITDB MEDIUM text WRITEUP
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting via Index Parameter
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2008-2986 EXPLOITDB text WORKING POC
phpdmca 1.0.0 - Remote File Inclusion via ourlinux_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.
CVE-2009-2219 EXPLOITDB text WORKING POC
phpCollegeExchange 0.1.5c - Cross-Site Scripting via Session Handle or Home Parameter
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.
CVE-2008-5171 EXPLOITDB text WRITEUP
phpBLASTER CMS 1.0 RC1 - Path Traversal
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
CVE-2008-5210 EXPLOITDB text WORKING POC
PhpBlock A8.5 - Remote Code Execution via PATH_TO_CODE Parameter
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
CVE-2008-1051 EXPLOITDB text WORKING POC
phpProfiles 4.5.2 BETA - Remote Code Execution via include/body_comm.inc.php content Parameter
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
EIP-2026-110591 EXPLOITDB text WORKING POC
pHNews CMS Alpha 1 - Local File Inclusion
CVE-2008-3682 EXPLOITDB text WORKING POC
YPN PHP Realty - SQL Injection via dpage.php docID Parameter
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
CVE-2008-2871 EXPLOITDB text WRITEUP
PEGames - Cross-Site Scripting via sitetitle sitenav sitemain or sitealt Parameters
Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110226 EXPLOITDB text WRITEUP
Open Digital Assets Repository System 1.0.2 - Remote File Inclusion
CVE-2008-2979 EXPLOITDB text WORKING POC
Ourvideo CMS 9.5 - Cross-Site Scripting via top_page and end_page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
CVE-2008-2885 EXPLOITDB text WORKING POC
Odars - Code Injection
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
CVE-2007-6585 EXPLOITDB text WORKING POC
nmnnewsletter 1.0.7 - Remote Code Execution via confirmUnsubscription.php output Parameter
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
CVE-2008-5943 EXPLOITDB text WRITEUP
NavBoard 16 (2.6.0) - Path Traversal
Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php.
CVE-2008-5944 EXPLOITDB text WRITEUP
NavBoard 2.6.0 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.