H-T Team

13 exploits Active since Jan 2008
CVE-2008-1848 EXPLOITDB text WORKING POC
JoomlaXplorer <1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
CVE-2008-0148 EXPLOITDB text WORKING POC
Tutos - Access Control
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Info Disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
CVE-2008-0433 EXPLOITDB text WRITEUP
Agares Media Phpautovideo < 2.21 - Code Injection
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
CVE-2008-0432 EXPLOITDB text WRITEUP
Agares Media Phpautovideo < 2.21 - XSS
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2007-6653 EXPLOITDB text WORKING POC
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-1757 EXPLOITDB text WRITEUP
KwsPHP 1.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
EIP-2026-108804 EXPLOITDB text WORKING POC
Joomla! Component mygallery - 'cid' SQL Injection
CVE-2008-1849 EXPLOITDB text WORKING POC
Mambo/Joomla! <1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
EIP-2026-108148 EXPLOITDB text WORKING POC
Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections
CVE-2008-0425 EXPLOITDB text WRITEUP
Frimousse - Access Control
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
CVE-2008-0091 EXPLOITDB text WORKING POC
Agency4net Webftp - Path Traversal
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.