IRCRASH (Dr.Crash) - Security Researcher - Exploit Intelligence Platform

CVE-2007-6124 EXPLOITDB perl WORKING POC

Softbiz Freelancers Script 1 - Stored Cross-Site Scripting via signin.php errmsg Parameter

Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

View Code

CVE-2008-0452 EXPLOITDB text WRITEUP

Siteman 1.1.9 - Path Traversal via Cat Parameter in Articles.php

Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.

View Code

CVE-2007-5998 EXPLOITDB text WORKING POC

Softbiz Ad Management plus Script 1 - SQL Injection

SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

View Code

CVE-2007-5999 EXPLOITDB text WRITEUP

Softbiz Auctions Script - SQL Injection

SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2007-5997 EXPLOITDB text WORKING POC

Softbiz Banner Exchange Network Script 1.0 - SQL Injection

SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2007-6125 EXPLOITDB perl WORKING POC

Softbiz Freelancers Script - SQL Injection

SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

View Code

CVE-2007-5316 EXPLOITDB text WRITEUP

Softbiz Jobs and Recruitment Script - SQL Injection via browsecats.php cid Parameter

SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

View Code

CVE-2007-5996 EXPLOITDB text WRITEUP

Softbiz Link Directory Script - SQL Injection

SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

View Code

CVE-2007-5449 EXPLOITDB text WRITEUP

Softbiz Recipes Portal Script - SQL Injection via sbcat_id Parameter

SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

View Code

CVE-2008-1639 EXPLOITDB perl WORKING POC

Neat weblog 0.2 - SQL Injection via articleId Parameter

SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.

View Code

CVE-2008-0446 EXPLOITDB text WORKING POC

LulieBlog 1.02 - SQL Injection via voircom.php id Parameter

SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2008-0447 EXPLOITDB text WORKING POC

Foojan WMS PHP Weblog 1.0 - SQL Injection via Story Parameter

SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.

View Code

CVE-2008-1714 EXPLOITDB text WRITEUP

FaScript FaPhoto 1.0 - SQL Injection

SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2008-0328 EXPLOITDB text WRITEUP

FaScript FaName 1.0 - SQL Injection via id Parameter

SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2008-0327 EXPLOITDB text WRITEUP

FaScript FaMp3 1.0 - SQL Injection via show.php id Parameter

SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2008-0325 EXPLOITDB text WRITEUP

FaScript FaPersian Petition - SQL Injection via show.php id Parameter

SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2008-0326 EXPLOITDB text WRITEUP

FaScript FaPersianHack 1.0 - SQL Injection via id Parameter

SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

View Code