S.W.A.T.

36 exploits; active since Jan 2007
CVE-2008-6150 EXPLOITDB text WORKING POC
SepCity Classified Ads - SQL Injection
SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-3193 EXPLOITDB text WORKING POC
jSite 1.0 OE - SQL Injection
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
CVE-2008-3192 EXPLOITDB text WORKING POC
jSite 1.0 OE - Path Traversal
Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2007-5800 EXPLOITDB text WORKING POC
BackUpWordPress <0.4.2b - RCE
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.
EIP-2026-113341 EXPLOITDB text WRITEUP
WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload
CVE-2007-5388 EXPLOITDB text WORKING POC
WebDesktop - Code Injection
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
CVE-2008-6751 EXPLOITDB text WORKING POC
ReVou TClone - Improper Input Validation
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo.
CVE-2007-4978 EXPLOITDB text WRITEUP
phpSyncML < 0.1.2 - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/.
CVE-2007-5387 EXPLOITDB text WORKING POC
Pindorama - Code Injection
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.
CVE-2008-4709 EXPLOITDB text WORKING POC
Pilot Group eTraining - SQL Injection
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4757 EXPLOITDB text WORKING POC
phpMytourney - Improper Input Validation
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
CVE-2008-0501 EXPLOITDB text WRITEUP
SourceForge phpMyClub - Path Traversal
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
CVE-2008-3179 EXPLOITDB text WRITEUP
phpDatingClub 3.7 - Path Traversal
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2007-0573 EXPLOITDB text WORKING POC
nsGalPHP <0.41 - RCE
PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.
EIP-2026-109891 EXPLOITDB text WRITEUP
NetRisk 1.9.7 - 'index.php' Remote File Inclusion
CVE-2008-0144 EXPLOITDB text WRITEUP
Phprisk NetRisk - SQL Injection
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
CVE-2008-3321 EXPLOITDB text WORKING POC
Maian Uploader <4.0 - Auth Bypass
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
CVE-2007-5315 EXPLOITDB text WORKING POC
Softpedia LiveAlbum - Code Injection
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
CVE-2008-3320 EXPLOITDB text WORKING POC
Maian Guestbook <3.2 - Auth Bypass
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-3319 EXPLOITDB text WORKING POC
Maian Links <3.1 - Auth Bypass
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
CVE-2008-3322 EXPLOITDB text WORKING POC
Maian Recipe <1.2 - Auth Bypass
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2008-3317 EXPLOITDB text WORKING POC
Maian Search <1.1 - Auth Bypass
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
CVE-2008-3318 EXPLOITDB text WORKING POC
Maian Weblog <4.0 - Auth Bypass
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
CVE-2007-5573 EXPLOITDB text WORKING POC
LimeSurvey < 1.5.2 - Code Injection
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2008-7301 EXPLOITDB text WORKING POC
jSite 1.0 OE - SQL Injection
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.