Kacak

5 exploits Active since May 2008
CVE-2008-2481 EXPLOITDB text WORKING POC
phpraider 1.0.7 and 1.0.7a - Remote Code Execution via pConfig_auth[phpbb_path] Parameter
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.
CVE-2008-4054 EXPLOITDB text WORKING POC
Kolifa Download Script 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2990 EXPLOITDB text WRITEUP
com_facileforms - Remote Code Execution via ff_compath Parameter
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
CVE-2008-3030 EXPLOITDB text WORKING POC
EfesTECH Shop 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
CVE-2009-0447 EXPLOITDB text WORKING POC
MyDesign Sayac 2.0 - SQL Injection via User or Pass Parameter
Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.