Stack-Terrorist

8 exploits, active since Jan 2008
EIP-2026-114633 EXPLOITDB text WORKING POC
Zomplog 3.8.2 - 'force_download.php' File Disclosure
EIP-2026-112226 EXPLOITDB text WORKING POC
SmallBiz eShop - 'content_id' SQL Injection
CVE-2008-0355 EXPLOITDB text WORKING POC
phpecho_cms < 2.0-rc3 - SQL Injection via Forum Module id Parameter
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
CVE-2008-2454 EXPLOITDB perl WORKING POC
Joomla com_xsstream-dm 0.01 Beta - SQL Injection via Movie Parameter
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
CVE-2008-4617 EXPLOITDB text WORKING POC
pyxicom actualite 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-106498 EXPLOITDB text WRITEUP
Dodo's Quiz Script 1.1 - Local File Inclusion
CVE-2008-0521 EXPLOITDB text WORKING POC
Bubbling Library 1.32 - Path Traversal via URI Parameter
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
CVE-2008-1782 EXPLOITDB text WORKING POC
Advanced Software Engineering ChartDirector 4.1 - Info Disclosure
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.