SnIpEr_SA

11 exploits Active since Oct 2005
CVE-2007-5299 EXPLOITDB text WORKING POC
SkaDate 5.0-6.0 - Path Traversal via View Mode Parameter
Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/.
CVE-2005-3363 EXPLOITDB perl WORKING POC
Saphp Lesson - SQL Injection via ForumID Parameter
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
CVE-2006-4969 EXPLOITDB text WORKING POC
WAHM E-Commerce Pie Cart Pro - Remote File Inclusion via Inc_Dir Parameter
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
CVE-2006-0973 EXPLOITDB perl WORKING POC
phpWebSite <= 0.10.2 - SQL Injection via Topic Parameter
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
EIP-2026-110719 EXPLOITDB text WRITEUP
PHP Live Helper 1.x - 'abs_path' Remote File Inclusion
CVE-2006-1767 EXPLOITDB text WRITEUP
nicecoder INDEXU 5.0.0-5.0.1 - Remote File Inclusion via theme_path and base_path Parameters
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
CVE-2006-2877 EXPLOITDB text WRITEUP
Bookmark4U < 2.0 - Remote File Inclusion via include_prefix Parameter
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2877 EXPLOITDB text WRITEUP
Bookmark4U < 2.0 - Remote File Inclusion via include_prefix Parameter
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2877 EXPLOITDB text WRITEUP
Bookmark4U < 2.0 - Remote File Inclusion via include_prefix Parameter
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2877 EXPLOITDB text WRITEUP
Bookmark4U < 2.0 - Remote File Inclusion via include_prefix Parameter
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-1770 EXPLOITDB text WRITEUP
Azerbaijan Design & Development Group AzDGVote - RCE
Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php.