StAkeR aka athos

8 exploits, active since Oct 2008
CVE-2008-4887 EXPLOITDB text WRITEUP
NetRisk < 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.
CVE-2008-5708 EXPLOITDB php WORKING POC
SlimCMS 1.0.0 - Unauthenticated Administrative User Creation via redirect.php
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
EIP-2026-110690 EXPLOITDB perl WORKING POC
PHP Easy Downloader 1.5 - Remote File Creation
CVE-2008-4888 EXPLOITDB text WRITEUP
NetRisk < 2.0 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4628 EXPLOITDB php WORKING POC
myWebland miniBloggie 1.0 - SQL Injection via del.php post_id Parameter
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-6805 EXPLOITDB php WORKING POC
Mic_Blog 0.0.3 - SQL Injection via cat, user, or site Parameter
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
CVE-2008-4603 EXPLOITDB perl WORKING POC
iGaming CMS 2.0 Alpha 1 - SQL Injection via search.php keywords Parameter
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
CVE-2008-5966 EXPLOITDB php WORKING POC
Globsy < 1.0 - Arbitrary File Write via globsy_edit.php
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.