Ghost Hacker

23 exploits, active since Jun 2008
CVE-2008-4532 EXPLOITDB perl SCANNER
Maxiscript Website Directory - XSS
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
CVE-2008-4669 EXPLOITDB text WRITEUP
DAN Fletcher Recipe Script - XSS
Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2884 EXPLOITDB text WORKING POC
Rss Aggregator - Code Injection
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-7087 EXPLOITDB text WRITEUP
Openpro - Code Injection
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
EIP-2026-109482 EXPLOITDB text WRITEUP
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusions
EIP-2026-109403 EXPLOITDB text WRITEUP
Membership Script - Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-4672 EXPLOITDB text WRITEUP
Goodlyrics Lyrics Script - XSS
Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4751 EXPLOITDB text WRITEUP
Epistream Ipei Guestbook - XSS
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
CVE-2008-5901 EXPLOITDB text WRITEUP
iyzi Forum 1.0 beta 3 - Info Disclosure
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-3402 EXPLOITDB text WORKING POC
HIOX Browser Statistics <2.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-6305 EXPLOITDB text WORKING POC
Freedirectoryscript Free Directory Script - Code Injection
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
CVE-2008-3183 EXPLOITDB text WRITEUP
PHP <gapicms 9.0.2 - RCE
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
CVE-2008-3127 EXPLOITDB text WORKING POC
HIOX Banner Rotator <1.3 - RCE
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3401 EXPLOITDB text WORKING POC
HIOX Random Ad (HRA) 1.3 - RCE
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3587 EXPLOITDB text WORKING POC
Chris Bunting Homes 4 Sale - XSS
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2008-3293 EXPLOITDB text WORKING POC
EZWebAlbum - Path Traversal
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
CVE-2008-3448 EXPLOITDB text WRITEUP
csphonebook 1.02 - XSS
Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
CVE-2008-4670 EXPLOITDB text WRITEUP
ED Putal Clickbank Portal - XSS
Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4737 EXPLOITDB text WRITEUP
Noc2 Whodomlite - XSS
Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.
CVE-2008-5596 EXPLOITDB text WRITEUP
Ikon AdManager <2.1 - Info Disclosure
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
CVE-2008-5606 EXPLOITDB text WRITEUP
Gazatem QMail Mailing List Manager 1.2 - Info Disclosure
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
CVE-2008-5572 EXPLOITDB text WRITEUP
Professional Download Assistant 0.1 - Info Disclosure
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
CVE-2008-5932 EXPLOITDB text WORKING POC
CodeAvalanche FreeForum - Info Disclosure
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.