QTRinux

6 exploits Active since Sep 2007
CVE-2007-4820 EXPLOITDB text WORKING POC
Sisfo Kampus 2006 - Path Traversal via nmf Parameter
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
CVE-2007-4834 EXPLOITDB text WORKING POC
phpRealty 0.02 - Remote Code Execution via MGR Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.
CVE-2008-0423 EXPLOITDB text WORKING POC
Lama Software - Remote Code Execution via MY_CONF[classRoot] Parameter
Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.
CVE-2008-0692 EXPLOITDB text WORKING POC
iTechBids 3 Gold and 5.0 - SQL Injection via bidhistory.php item_id Parameter
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2008-5223 EXPLOITDB text WORKING POC
Airaev Commerce 3.0 - SQL Injection
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-3250 EXPLOITDB text WORKING POC
Arctic Issue Tracker 2.0.0 - SQL Injection
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.