Crackers_Child

59 exploits, active since Aug 2006
CVE-2007-6129 EXPLOITDB text WORKING POC
Amber Script 1.0 - Directory Traversal via id Parameter
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
EIP-2026-105271 EXPLOITDB text WORKING POC
ASPapp Knowledge Base - 'CatId' SQL Injection (2)
CVE-2008-1919 EXPLOITDB text WORKING POC
YourFreeWorld Apartment Search Script - SQL Injection
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2007-3451 EXPLOITDB text WORKING POC
6ALBlog - Authenticated Remote File Inclusion via admin/index.php pg Parameter
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
CVE-2008-0804 EXPLOITDB text WORKING POC
Thecus N5200Pro NAS Server Control Panel - Remote Code Execution via usrgetform.html name Parameter
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
CVE-2006-5512 EXPLOITDB text WORKING POC
Zwahlen Online Shop - Cross-Site Scripting via article.htm cat Parameter
Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2007-3133 EXPLOITDB text WORKING POC
W1L3D4 WEBmarket 0.1 - SQL Injection via urunbak.asp id Parameter
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4176 EXPLOITDB text WORKING POC
FoT Video scripti 1.1 beta - SQL Injection via izle.asp oyun Parameter
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
CVE-2008-4574 EXPLOITDB text WORKING POC
Ayco Okul Portali - SQL Injection via default.asp linkid Parameter
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.