SaO

4 exploits, active since Jan 2007
CVE-2007-1192 EXPLOITDB python WORKING POC
Thomas R. Pasawicz HyperBook Guestbook 1.30 - Info Disclosure
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
CVE-2008-3362 EXPLOITDB html WORKING POC
Giulio Ganci Wp Downloads Manager <0.2 - RCE
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
CVE-2007-0329 EXPLOITDB c WORKING POC
Joonas Viljanen Jv2 Folder Gallery - Path Traversal
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
CVE-2007-0984 EXPLOITDB text WORKING POC
PollMentor 2.0 - SQL Injection
SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.