HaCkeR_EgY

22 exploits, active since Apr 2008
CVE-2008-2197 EXPLOITDB text WORKING POC
Miniweb2 Blog Writer - SQL Injection
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
CVE-2008-2342 EXPLOITDB text WORKING POC
News Manager - Path Traversal
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2341 EXPLOITDB text WORKING POC
Avalonnet News Manager - Code Injection
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
CVE-2008-2340 EXPLOITDB text WORKING POC
News Manager - SQL Injection
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2008-2443 EXPLOITDB text WORKING POC
Therealestatescript The Real Estate Script - SQL Injection
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter.
CVE-2008-1799 EXPLOITDB text WORKING POC
sabros.us 1.75 - Path Traversal
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2008-1755 EXPLOITDB text WORKING POC
World of Phaos 4.0.1 - Path Traversal
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
EIP-2026-110028 EXPLOITDB text WRITEUP
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
CVE-2008-2125 EXPLOITDB text WORKING POC
Musicbox - SQL Injection
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
CVE-2008-2845 EXPLOITDB text WORKING POC
Mybizz-classifieds - SQL Injection
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2343 EXPLOITDB text WORKING POC
News Manager - Access Control
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
EIP-2026-109158 EXPLOITDB text WORKING POC
Links Pile - 'link.php' SQL Injection
CVE-2008-6582 EXPLOITDB text WORKING POC
Miniweb - SQL Injection
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
CVE-2008-2847 EXPLOITDB text WORKING POC
Softdivision Maxtrade Aoi - SQL Injection
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
CVE-2008-2263 EXPLOITDB text WORKING POC
Cmsnx Automated Link Exchange Portal - SQL Injection
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
CVE-2008-2270 EXPLOITDB text WORKING POC
Phpway Kostenloses Linkmanagementscript - Code Injection
Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.
EIP-2026-108963 EXPLOITDB text WORKING POC
Kalptaru Infotech Automated Link Exchange Portal - 'linking.page.php' SQL Injection
CVE-2008-2063 EXPLOITDB text WORKING POC
Joovili - SQL Injection
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-2265 EXPLOITDB text WORKING POC
Emophp Emo Realty Manager - SQL Injection
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
CVE-2008-4142 EXPLOITDB text WORKING POC
Ephpscripts E-php Cms - SQL Injection
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2008-5777 EXPLOITDB text WORKING POC
CadeNix - SQL Injection
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-2336 EXPLOITDB text WORKING POC
68 Classifieds - SQL Injection
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.