GHC

7 exploits Active since Jan 2005
CVE-2005-2383 EXPLOITDB text WRITEUP
PHPNews 1.2.5 - SQL Injection via User Parameter
SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.
CVE-2005-0413 EXPLOITDB text WORKING POC
MyPHP Forum 1.0 - SQL Injection via forum.php fid Parameter
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
CVE-2005-0368 EXPLOITDB text WORKING POC
CMScore - SQL Injection via EntryID, searchterm, or username Parameter
Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.
EIP-2026-105833 EXPLOITDB text WORKING POC
Chipmunk Forums - SQL Injection
CVE-2005-0436 EXPLOITDB perl WORKING POC
AWStats 6.3-6.4 - Remote Code Execution via PluginMode Parameter
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.
CVE-2005-0116 EXPLOITDB perl WORKING POC
awstats < 6.3 - Remote Code Execution via configdir Parameter
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
EIP-2026-100744 EXPLOITDB text WRITEUP
AWStats 5.x/6.x - Debug Remote Information Disclosure