S.W.A.T. - Security Researcher - Exploit Intelligence Platform

CVE-2008-6142 EXPLOITDB text WORKING POC

FlexPHPic <0.0.4 - FlexPHPic Pro <0.0.3 - SQL Injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

View Code

EIP-2026-107144 EXPLOITDB text WORKING POC

Flax Article Manager 1.1 - Remote PHP Script Upload

View Code

CVE-2007-6133 EXPLOITDB text WRITEUP

DevMass Shopping Cart <1.0 - RCE

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.

View Code

CVE-2007-6137 EXPLOITDB text WORKING POC

Content Injector <1.52 - SQL Injection

SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2007-6394 EXPLOITDB text WRITEUP

Content Injector 1.53 - SQL Injection

SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.

View Code

EIP-2026-105594 EXPLOITDB text WORKING POC

Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion

View Code

CVE-2008-6900 EXPLOITDB text WRITEUP

Availscript Article Script - Code Injection

Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.

View Code

CVE-2008-3749 EXPLOITDB text WORKING POC

YourFreeWorld Banner Mgr < - SQL Injection

SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2007-5592 EXPLOITDB text WORKING POC

Awzmb - Code Injection

Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.

View Code

EIP-2026-105329 EXPLOITDB text WRITEUP

AvailScript Classmate Script - Arbitrary File Upload

View Code

CVE-2008-6157 EXPLOITDB HIGH text WORKING POC

Sepcity Classified Ads - Cleartext Storage

SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.

CVSS 7.5

View Code