Crackers_Child

59 exploits Active since Aug 2006
CVE-2007-3450 EXPLOITDB WORKING POC
6ALBlog - SQL Injection via Member Parameter
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3449 EXPLOITDB text WORKING POC
6ALBlog - SQL Injection via Newsid Parameter
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-5763 EXPLOITDB text WORKING POC
Free File Hosting < 1.1 - Remote File Inclusion via AD_BODY_TEMP Parameter
Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code.
CVE-2006-5762 EXPLOITDB text WORKING POC
Free File Hosting < 1.1 - Remote Code Execution via AD_BODY_TEMP Parameter
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2007-3271 EXPLOITDB text WORKING POC
YourFreeScreamer 1.0 - Remote File Inclusion via serverPath Parameter
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.
CVE-2007-6229 EXPLOITDB text WORKING POC
Rayzz Script 2.0 - Remote Code Execution via CFG[site][project_path] Parameter
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
CVE-2007-3315 EXPLOITDB text WORKING POC
YourFreeScreamer 1.0 - Remote File Inclusion via serverPath Parameter
Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2485 EXPLOITDB text WORKING POC
myflash < 1.00 - Remote File Inclusion via wpPATH Parameter
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
CVE-2007-6141 EXPLOITDB text WORKING POC
vBTube 1.1 Beta - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2007-4384 EXPLOITDB text WORKING POC
Stephane Pineau VOTE 1c - Remote File Inclusion via NomVote or FilePalHex Parameter
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.
CVE-2008-0137 EXPLOITDB text WORKING POC
SNETWORKS PHP CLASSIFIEDS 5.0 - Remote File Inclusion via path_escape Parameter
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2008-0143 EXPLOITDB text WORKING POC
SAM Broadcaster samPHPweb - Remote Code Execution via commonpath Parameter
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
CVE-2008-1462 EXPLOITDB text WRITEUP
RunCMS - Section Module < SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2007-6230 EXPLOITDB text WORKING POC
Rayzz Script 2.0 - Path Traversal via CFG[site][project_path] Parameter
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
EIP-2026-111631 EXPLOITDB text WORKING POC
QuestCMS - 'main.php' Remote File Inclusion
CVE-2008-4721 EXPLOITDB text WORKING POC
PHP Jabbers Post Comment 3.0 - Unauthenticated Administrative Access via PostCommentsAdmin Cookie
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2006-5234 EXPLOITDB text WRITEUP
phpWebSite 0.10.2 - Remote File Inclusion via PHPWS_SOURCE_DIR Parameter
Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable
EIP-2026-111091 EXPLOITDB text WORKING POC
PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass
CVE-2008-0907 EXPLOITDB text WORKING POC
PHP-Nuke Inhalt Module - SQL Injection via cid Parameter
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-6092 EXPLOITDB text WORKING POC
phpscripts Ranking Script - Auth Bypass
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
CVE-2008-4719 EXPLOITDB text WORKING POC
openengine 2.0 beta2 - Remote Code Execution via oe_classpath Parameter
PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.
CVE-2007-6139 EXPLOITDB text WORKING POC
Mp3 ToolBox 1.0 beta 5 - Remote Code Execution via Skin File Parameter
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
EIP-2026-109804 EXPLOITDB text WRITEUP
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
CVE-2006-4230 EXPLOITDB text WRITEUP
Lizge V.20 Web Portal - Remote File Inclusion via lizge or bade Parameter
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
CVE-2007-6649 EXPLOITDB text WORKING POC
matpo_bilder_galerie 1.1 - Remote Code Execution via config[root_ordner] Parameter
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.