ShAnKaR

6 exploits Active since Oct 2006
CVE-2006-5508 EXPLOITDB perl WORKING POC
WoltLab Burning Book 1.1.2 - SQL Injection via n Parameter or User-Agent Header
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
CVE-2006-5509 EXPLOITDB perl WORKING POC
WoltLab Burning Book 1.1.2 - Remote Code Execution via Eval Injection in addentry.php
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
EIP-2026-112684 EXPLOITDB perl WORKING POC
TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution
CVE-2007-5423 EXPLOITDB text WORKING POC
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
EIP-2026-110959 EXPLOITDB perl WORKING POC
phpBB 2.0.21 - Poison Null Byte Remote File Upload
CVE-2007-5416 EXPLOITDB text WORKING POC
Drupal < 5.2 - Remote Code Execution via Callback Parameter Hash Collision
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.