Piker

8 exploits Active since Mar 2007
CVE-2008-6333 EXPLOITDB perl WORKING POC
RSS Simple News - SQL Injection via pid Parameter
SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-4137 EXPLOITDB text WRITEUP
php_crawler - Remote File Inclusion via footer_file Parameter
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.
CVE-2008-5851 EXPLOITDB perl WORKING POC
MyPBS - SQL Injection via seasonID Parameter
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.
CVE-2008-6018 EXPLOITDB text WORKING POC
MyPHPSite - Path Traversal via Mod Parameter
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
CVE-2007-1478 EXPLOITDB text WRITEUP
McGallery 0.5b - Unauthenticated Arbitrary File Read via Filename Parameter
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.
CVE-2008-5861 EXPLOITDB text WRITEUP
FreeLyrics 1.0 - Path Traversal via p Parameter
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4517 EXPLOITDB perl WORKING POC
geccBBlite 2.0 - SQL Injection via leggi.php id Parameter
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5732 EXPLOITDB text WRITEUP
KafooeyBlog 1.55b - Unauthenticated Arbitrary File Upload via Image Upload
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.