HaCkeR_EgY

22 exploits, active since Apr 2008
CVE-2008-2197 EXPLOITDB text WORKING POC
Miniweb2 blog_writer 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
CVE-2008-2342 EXPLOITDB text WORKING POC
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2341 EXPLOITDB text WORKING POC
News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
CVE-2008-2340 EXPLOITDB text WORKING POC
News Manager 2.0 - SQL Injection via lang or pid Parameter
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2008-2443 EXPLOITDB text WORKING POC
The Real Estate Script - SQL Injection via docID Parameter
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter.
CVE-2008-1799 EXPLOITDB text WORKING POC
sabros.us 1.75 - Path Traversal via thumbnails.php img Parameter
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2008-1755 EXPLOITDB text WORKING POC
World of Phaos 4.0.1 - Path Traversal
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
EIP-2026-110028 EXPLOITDB text WRITEUP
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
CVE-2008-2125 EXPLOITDB text WORKING POC
Musicbox 2.3.6-2.3.7 - SQL Injection via viewalbums.php artistId Parameter
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
CVE-2008-2845 EXPLOITDB text WORKING POC
MyBizz-Classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2343 EXPLOITDB text WORKING POC
News Manager 2.0 - Information Disclosure via Direct Request
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
EIP-2026-109158 EXPLOITDB text WORKING POC
Links Pile - 'link.php' SQL Injection
CVE-2008-6582 EXPLOITDB text WORKING POC
Miniweb 2.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
CVE-2008-2847 EXPLOITDB text WORKING POC
Maxtrade AIO 1.3.23 - SQL Injection via Trade Module categori Parameter
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
CVE-2008-2263 EXPLOITDB text WORKING POC
Automated Link Exchange Portal - SQL Injection via cat_id Parameter
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
CVE-2008-2270 EXPLOITDB text WORKING POC
PHPWAY Kostenloses Linkmanagementscript - Remote File Inclusion via main_page_directory or page_to_include Parameter
Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.
EIP-2026-108963 EXPLOITDB text WORKING POC
Kalptaru Infotech Automated Link Exchange Portal - 'linking.page.php' SQL Injection
CVE-2008-2063 EXPLOITDB text WORKING POC
Joovili 3.1 - SQL Injection via Category Parameter
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-2265 EXPLOITDB text WORKING POC
EMO Realty Manager - SQL Injection via news.php ida Parameter
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
CVE-2008-4142 EXPLOITDB text WORKING POC
ephpscripts e-php_cms - SQL Injection via article.php es_id Parameter
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2008-5777 EXPLOITDB text WORKING POC
CadeNix - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-2336 EXPLOITDB text WORKING POC
68 Classifieds 4.0.1 - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.