Crackers_Child

59 exploits Active since Aug 2006
CVE-2007-3450 EXPLOITDB WORKING POC
Gorani Network 6alblog - SQL Injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3449 EXPLOITDB text WORKING POC
Gorani Network 6alblog - SQL Injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-5763 EXPLOITDB text WORKING POC
Free File Hosting <1.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code.
CVE-2006-5762 EXPLOITDB text WORKING POC
Free PHP Scripts Free File Hosting < 1.1 - Code Injection
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2007-3271 EXPLOITDB text WORKING POC
YourFreeScreamer 1.0 - RCE
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.
CVE-2007-6229 EXPLOITDB text WORKING POC
Rayzz Script 2.0 - RCE
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
CVE-2007-3315 EXPLOITDB text WORKING POC
YourFreeScreamer 1.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2485 EXPLOITDB text WORKING POC
myflash <1.00 - RCE
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
CVE-2007-6141 EXPLOITDB text WORKING POC
vBTube 1.1 Beta - XSS
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2007-4384 EXPLOITDB text WORKING POC
Stephane Pineau VOTE 1c - RCE
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.
CVE-2008-0137 EXPLOITDB text WORKING POC
Snetworks Php Classifieds - SQL Injection
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2008-0143 EXPLOITDB text WORKING POC
Spacial Audio Solutions Sam Broadcaster - Code Injection
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
CVE-2008-1462 EXPLOITDB text WRITEUP
RunCMS - Section Module < SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2007-6230 EXPLOITDB text WORKING POC
Rayzz Script 2.0 - Path Traversal
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
EIP-2026-111631 EXPLOITDB text WORKING POC
QuestCMS - 'main.php' Remote File Inclusion
CVE-2008-4721 EXPLOITDB text WORKING POC
PHP Jabbers Post Comment - Information Disclosure
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged".
CVE-2006-5234 EXPLOITDB text WRITEUP
phpWebSite 0.10.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.
EIP-2026-111091 EXPLOITDB text WORKING POC
PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass
CVE-2008-0907 EXPLOITDB text WORKING POC
Php-nuke Inhalt Module - SQL Injection
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-6092 EXPLOITDB text WORKING POC
phpscripts Ranking Script - Auth Bypass
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
CVE-2008-4719 EXPLOITDB text WORKING POC
Openengine - Code Injection
PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.
CVE-2007-6139 EXPLOITDB text WORKING POC
Mp3 ToolBox 1.0 beta 5 - RCE
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
EIP-2026-109804 EXPLOITDB text WRITEUP
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
CVE-2006-4230 EXPLOITDB text WRITEUP
Lizge V.20 Web Portal - RCE
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
CVE-2007-6649 EXPLOITDB text WORKING POC
MatPo Bilder Galerie 1.1 - RCE
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.