H-T Team

13 exploits, active since Jan 2008
CVE-2008-1848 EXPLOITDB text WORKING POC
JoomlaXplorer <1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
CVE-2008-0148 EXPLOITDB text WORKING POC
TUTOS 1.3 - Remote Code Execution via cmd.php cmd Parameter
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Information Exposure via phpinfo.php
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
CVE-2008-0433 EXPLOITDB text WRITEUP
Agares phpAutoVideo < 2.21 - Remote Code Execution via Loadpage Parameter
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
CVE-2008-0432 EXPLOITDB text WRITEUP
phpAutoVideo < 2.21 - Cross-Site Scripting via Cat Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2007-6653 EXPLOITDB text WORKING POC
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-1757 EXPLOITDB text WRITEUP
KwsPHP 1.0 - Cross-Site Scripting via ConcoursPhoto VIEW Parameter
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
EIP-2026-108804 EXPLOITDB text WORKING POC
Joomla! Component mygallery - 'cid' SQL Injection
CVE-2008-1849 EXPLOITDB text WORKING POC
Mambo/Joomla! <1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
EIP-2026-108148 EXPLOITDB text WORKING POC
Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections
CVE-2008-0425 EXPLOITDB text WRITEUP
Frimousse 0.0.2 - Unauthenticated Absolute Path Traversal via explorerdir.php name Parameter
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
CVE-2008-0091 EXPLOITDB text WORKING POC
agency4net WEBFTP 1 - Path Traversal and Arbitrary File Read/Delete via download2.php file Parameter
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.