Ghost Hacker

23 exploits, active since Jun 2008
CVE-2008-4532 EXPLOITDB perl SCANNER
MaxiScript Website Directory - Cross-Site Scripting via Keyword Parameter in Search Action
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
CVE-2008-4669 EXPLOITDB text WRITEUP
Dan Fletcher Recipe Script - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2884 EXPLOITDB text WORKING POC
rss_aggregator - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-7087 EXPLOITDB text WRITEUP
OpenPro 1.3.1 - Remote Code Execution via LIBPATH Parameter
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
EIP-2026-109482 EXPLOITDB text WRITEUP
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusions
EIP-2026-109403 EXPLOITDB text WRITEUP
Membership Script - Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-4672 EXPLOITDB text WRITEUP
Lyrics Script - Cross-Site Scripting via Search Results k Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4751 EXPLOITDB text WRITEUP
iPei Guestbook 2.0 - Cross-Site Scripting via pg Parameter
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
CVE-2008-5901 EXPLOITDB text WRITEUP
iyzi Forum 1.0 beta 3 - Info Disclosure
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-3402 EXPLOITDB text WORKING POC
HIOX Browser Statistics 2.0 - Remote Code Execution via hm Parameter
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-6305 EXPLOITDB text WORKING POC
Free Directory Script 1.1.1 - Remote Code Execution via API_HOME_DIR Parameter
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
CVE-2008-3183 EXPLOITDB text WRITEUP
gapicms 9.0.2 - Remote Code Execution via dirDepth Parameter
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
CVE-2008-3127 EXPLOITDB text WORKING POC
HIOX Banner Rotator 1.3 - Remote File Inclusion via hm Parameter
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3401 EXPLOITDB text WORKING POC
HIOX Random Ad 1.3 - Remote Code Execution via hm Parameter
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3587 EXPLOITDB text WORKING POC
Homes 4 Sale - Cross-Site Scripting via result.php r Parameter
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2008-3293 EXPLOITDB text WORKING POC
EZWebAlbum - Path Traversal via dlfilename Parameter
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
CVE-2008-3448 EXPLOITDB text WRITEUP
csphonebook 1.02 - Cross-Site Scripting via Letter Parameter
Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
CVE-2008-4670 EXPLOITDB text WRITEUP
Ed Pudol Clickbank Portal - Cross-Site Scripting via Search Box
Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4737 EXPLOITDB text WRITEUP
WhoDomLite 1.1.3 - Cross-Site Scripting via dom Parameter
Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.
CVE-2008-5596 EXPLOITDB text WRITEUP
Ikon AdManager <2.1 - Info Disclosure
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
CVE-2008-5606 EXPLOITDB text WRITEUP
Gazatem QMail Mailing List Manager 1.2 - Info Disclosure
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
CVE-2008-5572 EXPLOITDB text WRITEUP
Professional Download Assistant 0.1 - Info Disclosure
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
CVE-2008-5932 EXPLOITDB text WORKING POC
CodeAvalanche FreeForum - Info Disclosure
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.