Spanish Hackers Team - Security Researcher - Exploit Intelligence Platform

CVE-2008-1346 EXPLOITDB text WORKING POC

MyioSoft EasyGallery <5.0tr - SQL Injection

SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.

View Code

CVE-2008-1336 EXPLOITDB text WORKING POC

Koobi CMS 4.2.3-4.3.0 - SQL Injection via Categ Parameter

SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.

View Code

CVE-2008-1122 EXPLOITDB text WORKING POC

Koobi Pro 5.7 - SQL Injection via Downloads Module categ Parameter

SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.

View Code

CVE-2008-1414 EXPLOITDB text WRITEUP

Multiple Time Sheets <= 5.0 - Cross-Site Scripting via Tab Parameter

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

View Code

CVE-2008-1415 EXPLOITDB text WRITEUP

Multiple Time Sheets <5.0 - Path Traversal

Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.

View Code

CVE-2008-1347 EXPLOITDB text WORKING POC

MyioSoft EasyGallery <= 5.0tr - Cross-Site Scripting via PATH_INFO or q Parameter

Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.

View Code

CVE-2008-4778 EXPLOITDB text WORKING POC

Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter

SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

View Code

CVE-2008-1936 EXPLOITDB text WORKING POC

Classifieds Caffe - SQL Injection via cat_id Parameter

SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.

View Code

CVE-2008-2554 EXPLOITDB text WRITEUP

BP Blog 6.0 - SQL Injection via id or cat Parameter

Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.

View Code