Crackers_Child

59 exploits Active since Aug 2006
EIP-2026-109301 EXPLOITDB text WRITEUP
Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Multiple Remote File Inclusions
CVE-2006-4230 EXPLOITDB text WRITEUP
Lizge V.20 Web Portal - RCE
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
CVE-2006-6051 EXPLOITDB perl WORKING POC
Mambo/Joomla! - RCE
PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3990 EXPLOITDB text WRITEUP
Paul M. Jones Savant2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php.
CVE-2008-0653 EXPLOITDB text WORKING POC
Joomla Com Ynews - SQL Injection
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
CVE-2008-2091 EXPLOITDB text WRITEUP
Kubelabs Kubelance - Path Traversal
Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.
CVE-2008-0567 EXPLOITDB text WORKING POC
Chronoengine Chronoforms - Code Injection
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.
CVE-2007-6027 EXPLOITDB text WORKING POC
Joomla! Carousel Flash Image Gallery - RCE
PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-0684 EXPLOITDB text WRITEUP
Itechscripts Itechclassifieds - XSS
Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
EIP-2026-107798 EXPLOITDB text WRITEUP
Image_Upload Script 2.0 - Multiple Remote File Inclusions
EIP-2026-107635 EXPLOITDB text WORKING POC
HostDirectory Pro - Insecure Cookie Handling
CVE-2008-0685 EXPLOITDB text WRITEUP
Itechscripts Itechclassifieds - SQL Injection
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
EIP-2026-107629 EXPLOITDB text WORKING POC
Host Directory PRO - Cookie Security Bypass
CVE-2007-1715 EXPLOITDB text WORKING POC
Free Image Hosting <2.0 - RCE
PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
CVE-2008-6736 EXPLOITDB text WRITEUP
Circulargenius Flat Calendar - Access Control
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVE-2008-0688 EXPLOITDB text WRITEUP
Smartscript Domain Trader - XSS
Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.
CVE-2006-5251 EXPLOITDB text WORKING POC
Deep CMS 2.0a - RCE
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5535 EXPLOITDB text WRITEUP
Cpanel - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
EIP-2026-106230 EXPLOITDB text WRITEUP
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions
CVE-2006-5535 EXPLOITDB text WRITEUP
Cpanel - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
CVE-2008-4703 EXPLOITDB text WORKING POC
Bosdev Bosnews - SQL Injection
SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.
CVE-2007-1516 EXPLOITDB perl WORKING POC
Cicoandcico CcMail 1.0 - RCE
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.
CVE-2007-1714 EXPLOITDB text WRITEUP
Cccounter - XSS
Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.
CVE-2007-1812 EXPLOITDB text WORKING POC
BT-Sondage 112 - RCE
PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter.
CVE-2008-0921 EXPLOITDB text WORKING POC
Becontent - SQL Injection
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.