RMx

9 exploits Active since Sep 2006
CVE-2008-3211 EXPLOITDB php WORKING POC
Scripteen Free Image Hosting Script <1.2.1 - Auth Bypass
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
CVE-2008-5270 EXPLOITDB text WORKING POC
Yuhhu Superstar 2008 - SQL Injection
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
CVE-2008-3212 EXPLOITDB php WORKING POC
Scripteen Free Image Hosting Script 1.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3206 EXPLOITDB php WORKING POC
Yuhhu Pubs Black Cat - SQL Injection
SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2007-3267 EXPLOITDB text WORKING POC
fuzzylime_forum < 1.01b - Cross-Site Scripting via fromaction Parameter
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
CVE-2008-1508 EXPLOITDB text WORKING POC
EfesTech E-Kontr - SQL Injection via id Parameter
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4793 EXPLOITDB text WORKING POC
TualBLOG 1.0 - SQL Injection via icerikno Parameter
Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter.
CVE-2007-2420 EXPLOITDB text WORKING POC
Burak Yilmaz Blog 1.0 - SQL Injection
SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1641 EXPLOITDB text WORKING POC
EfesTECH Video 5.0 - SQL Injection via catID Parameter
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.