IRCRASH (R3d.W0rm)

4 exploits Active since Jan 2008
CVE-2008-0353 EXPLOITDB text WRITEUP
php-residence 0.7.2 and 1.0 - SQL Injection via cognome_cerca Parameter
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3405 EXPLOITDB text WRITEUP
nzFotolog 0.4.1 - Path Traversal via Action File Parameter
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
CVE-2008-3415 EXPLOITDB text WRITEUP
CMScout 2.05 - Remote File Inclusion via Directory Traversal in bit Parameter
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
CVE-2008-3368 EXPLOITDB text WRITEUP
ATutor < 1.6.1 - Authenticated Remote Code Execution via Import Type Parameter
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.