M.Hasran Addahroni

33 exploits Active since Apr 2006
CVE-2006-1718 EXPLOITDB text WRITEUP
Magus Perde Clever Copy <3.0 - Info Disclosure
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
CVE-2008-6250 EXPLOITDB text WORKING POC
Comdev Web Blogger < 4.1.3 - SQL Injection via arcmonth Parameter
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2006-3185 EXPLOITDB text WRITEUP
CMS Faethon 1.3.2 - Remote File Inclusion via mainpath Parameter
PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter.
CVE-2009-0516 EXPLOITDB text WORKING POC
BusinessSpace < 1.2 - SQL Injection via Classified Page id Parameter
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2007-1721 EXPLOITDB text WORKING POC
C-Arbre < 0.6_pr7 - Remote File Inclusion via root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
CVE-2008-2189 EXPLOITDB text WORKING POC
AnServ Auction XL - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2096 EXPLOITDB text WRITEUP
BackLinkSpider - SQL Injection via cat_id Parameter
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
CVE-2007-6106 EXPLOITDB text WORKING POC
AlstraSoft E-Friends <4.98 - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.