DarKdewiL

4 exploits Active since Aug 2007
CVE-2009-4928 EXPLOITDB text WORKING POC
TotalCalendar 2.4 - Remote Code Execution via inc_dir Parameter
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
CVE-2009-4883 EXPLOITDB text WORKING POC
PHPRecipeBook 2.24 and 2.39 - SQL Injection via base_id or course_id Parameter
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
CVE-2007-4458 EXPLOITDB text WORKING POC
PHP <includes/class/class_tpl.php - RCE
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter.
CVE-2007-4457 EXPLOITDB text WORKING POC
Dalai Forum 1.1 - Path Traversal via Chemin Parameter
Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter.