IRCRASH (Dr.Crash)

17 exploits Active since Oct 2007
CVE-2007-6124 EXPLOITDB perl WORKING POC
Softbiz Freelancers Script - XSS
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
CVE-2008-0452 EXPLOITDB text WRITEUP
Siteman - Path Traversal
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
CVE-2007-5998 EXPLOITDB text WORKING POC
Softbiz Ad Management plus Script 1 - SQL Injection
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
CVE-2007-5999 EXPLOITDB text WRITEUP
Softbiz Auctions Script - SQL Injection
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5997 EXPLOITDB text WORKING POC
Softbiz Banner Exchange Network Script 1.0 - SQL Injection
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-6125 EXPLOITDB perl WORKING POC
Softbiz Freelancers Script - SQL Injection
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
CVE-2007-5316 EXPLOITDB text WRITEUP
Softbizscripts Softbiz Jobs And Recruitment Script - SQL Injection
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-5996 EXPLOITDB text WRITEUP
Softbiz Link Directory Script - SQL Injection
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
CVE-2007-5449 EXPLOITDB text WRITEUP
Softbiz Recipes Portal Script - SQL Injection
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
CVE-2008-1639 EXPLOITDB perl WORKING POC
Neat Weblog 0.2 - SQL Injection
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
CVE-2008-0446 EXPLOITDB text WORKING POC
Julian Pawlowski Lulieblog - SQL Injection
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0447 EXPLOITDB text WORKING POC
Foojan Php Weblog - SQL Injection
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
CVE-2008-1714 EXPLOITDB text WRITEUP
FaScript FaPhoto 1.0 - SQL Injection
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0328 EXPLOITDB text WRITEUP
Fascript Faname - SQL Injection
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0327 EXPLOITDB text WRITEUP
Fascript Famp3 - SQL Injection
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0325 EXPLOITDB text WRITEUP
Fascript Fapersian Petition - SQL Injection
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0326 EXPLOITDB text WRITEUP
Fascript Fapersianhack - SQL Injection
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.