Stack-Terrorist [v40]

9 exploits Active since Jan 2008
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2008-0459 EXPLOITDB text WRITEUP
Liquidsilvercms - Path Traversal
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
CVE-2008-1758 EXPLOITDB text WORKING POC
KwsPHP ConcoursPhoto Module - SQL Injection via C_ID Parameter
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
CVE-2008-2459 EXPLOITDB perl WORKING POC
EntertainmentScript 1.4.0 - Path Traversal via Page Parameter
Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
CVE-2008-0545 EXPLOITDB text WRITEUP
Bubbling Library 1.32 - Path Traversal via URI or Page Parameter
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
CVE-2008-2522 EXPLOITDB perl WORKING POC
Battle.net Clan Script < 1.5.3 - SQL Injection via showmember Parameter
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
CVE-2008-2356 EXPLOITDB perl WORKING POC
Archangel Weblog < 0.90.02 - SQL Injection via post_id Parameter
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-2395 EXPLOITDB perl WORKING POC
AlkalinePHP < 0.80.00 - SQL Injection via Thread ID Parameter
SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2536 EXPLOITDB perl WORKING POC
YABSoft Advanced Image Hosting Script < 2.1 - SQL Injection via out.php t Parameter
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.