StAkeR

100 exploits Active since Jan 2006
CVE-2008-5491 EXPLOITDB perl WORKING POC
SlimCMS <1.0.0 - SQL Injection
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
EIP-2026-111831 EXPLOITDB python WORKING POC
RunCMS 1.6.3 - Remote Shell Injection
CVE-2008-5418 EXPLOITDB perl WORKING POC
PunPortal <2.0 - Path Traversal
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
CVE-2008-6308 EXPLOITDB php WORKING POC
PunBB Private Messaging System < 1.2.3 - Path Traversal
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.
EIP-2026-111381 EXPLOITDB php WORKING POC
Podcast Generator 1.2 - Unauthorized Re-Installation
EIP-2026-111380 EXPLOITDB text WRITEUP
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities
CVE-2009-0592 EXPLOITDB perl WORKING POC
PNphpBB2 <1.2i - Path Traversal
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
CVE-2008-5000 EXPLOITDB php WORKING POC
PHPX - SQL Injection
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
CVE-2009-2147 EXPLOITDB perl WORKING POC
phpWebThings <1.5.2 - SQL Injection
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1550 EXPLOITDB php WORKING POC
PHPX < 3.5.15 - SQL Injection
Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php.
CVE-2008-6301 EXPLOITDB text WRITEUP
Prezmo Small ShoutBox - SQL Injection
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
CVE-2008-4675 EXPLOITDB php WORKING POC
PHPcounter < 1.3.2 - SQL Injection
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-6314 EXPLOITDB perl WORKING POC
phpBB Tag Board < 4.0 - SQL Injection
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
EIP-2026-110686 EXPLOITDB c WORKING POC
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
CVE-2008-1918 EXPLOITDB perl WORKING POC
PHP-Fusion <6.01.14, <6.00.307 - SQL Injection
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
CVE-2008-3031 EXPLOITDB text WORKING POC
Simple PHP Agenda < 2.2.4 - Path Traversal
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
EIP-2026-110690 EXPLOITDB perl WORKING POC
PHP Easy Downloader 1.5 - Remote File Creation
EIP-2026-110329 EXPLOITDB text WORKING POC
openWYSIWYG 1.4.7 - Local Directory Traversal
CVE-2008-6290 EXPLOITDB text WRITEUP
nicLOR Include Sito - Path Traversal
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
CVE-2007-6586 EXPLOITDB text WRITEUP
nicLOR-CMS - SQL Injection
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
CVE-2008-4888 EXPLOITDB text WRITEUP
NetRisk < 2.0 - XSS
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6777 EXPLOITDB text WORKING POC
MyPHP Forum < 3.0 - SQL Injection
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
CVE-2008-2876 EXPLOITDB text WRITEUP
mUnky - Path Traversal
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
CVE-2008-4628 EXPLOITDB php WORKING POC
myWebland miniBloggie - SQL Injection
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-6787 EXPLOITDB perl WORKING POC
Jeremy Powers Lizardware CMS < 0.6.0 - SQL Injection
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.