Kw3rLn

13 exploits Active since Oct 2006
CVE-2007-6566 EXPLOITDB perl WORKING POC
XZero Community Classifieds <4.95.11 - SQL Injection
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
CVE-2007-3530 EXPLOITDB text WORKING POC
PHPDirector <0.21 - Info Disclosure
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
CVE-2007-3529 EXPLOITDB text WORKING POC
PHPDirector <0.21 - Info Disclosure
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.
CVE-2007-6568 EXPLOITDB text WORKING POC
XZero Community Classifieds <4.95.11 - RCE
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2007-6567 EXPLOITDB perl WORKING POC
XZero Community Classifieds <4.95.11 - Path Traversal
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
CVE-2007-0098 EXPLOITDB perl WORKING POC
VerliAdmin < 0.3 - Directory Traversal via Language Cookie
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
CVE-2007-3371 EXPLOITDB perl WORKING POC
Powl 0.94 - Remote File Inclusion via _POWL[installPath] Parameter
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.
CVE-2006-7132 EXPLOITDB perl WORKING POC
PHPMyDesk 1.0beta - Directory Traversal via pmdlang Parameter
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
CVE-2007-3562 EXPLOITDB text WORKING POC
PHP Director < 0.21 - SQL Injection via Videos.php ID Parameter
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3697 EXPLOITDB python WORKING POC
FlashBB < 1.1.5 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
CVE-2007-4008 EXPLOITDB perl WORKING POC
Entertainment Media Sharing CMS - Path Traversal
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
CVE-2007-3563 EXPLOITDB text WORKING POC
AV Arcade 2.1b - SQL Injection via id Parameter
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.
CVE-2006-5505 EXPLOITDB perl WORKING POC
2BGal 3.0 - Remote PHP File Inclusion via Lang Parameter
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.