QTRinux

6 exploits, active since Sep 2007
CVE-2007-4820 EXPLOITDB text WORKING POC
Sisfo Kampus - Path Traversal
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
CVE-2007-4834 EXPLOITDB text WORKING POC
phpRealty - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.
CVE-2008-0423 EXPLOITDB text WORKING POC
Lama Software - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.
CVE-2008-0692 EXPLOITDB text WORKING POC
Itechscripts Itechbids - SQL Injection
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2008-5223 EXPLOITDB text WORKING POC
Airvae Commerce 3.0 - SQL Injection
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-3250 EXPLOITDB text WORKING POC
Arctic Issue Tracker 2.0.0 - SQL Injection
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.