S.W.A.T.

36 exploits Active since Jan 2007
CVE-2008-6142 EXPLOITDB text WORKING POC
FlexPHPic <0.0.4 - FlexPHPic Pro <0.0.3 - SQL Injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
EIP-2026-107144 EXPLOITDB text WORKING POC
Flax Article Manager 1.1 - Remote PHP Script Upload
CVE-2007-6133 EXPLOITDB text WRITEUP
DevMass Shopping Cart <= 1.0 - Remote File Inclusion via kfm_base_path Parameter
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
CVE-2007-6137 EXPLOITDB text WORKING POC
Content Injector <1.52 - SQL Injection
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-6394 EXPLOITDB text WRITEUP
Content Injector 1.53 - SQL Injection
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
EIP-2026-105594 EXPLOITDB text WORKING POC
Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion
CVE-2008-6900 EXPLOITDB text WRITEUP
AvailScript Article Script - Authenticated Remote Code Execution via Unrestricted File Upload in Add Pen Feature
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.
CVE-2008-3749 EXPLOITDB text WORKING POC
YourFreeWorld Banner Mgr < - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5592 EXPLOITDB text WORKING POC
awzMB 4.2 beta 1 - Remote Code Execution via Setting[OPT_includepath] Parameter
Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.
EIP-2026-105329 EXPLOITDB text WRITEUP
AvailScript Classmate Script - Arbitrary File Upload
CVE-2008-6157 EXPLOITDB HIGH text WORKING POC
SepCity Classified Ads - Cleartext Storage of Sensitive Information in data/classifieds.mdb
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
CVSS 7.5