SwEET-DeViL

35 exploits Active since Jun 2006
CVE-2006-7052 EXPLOITDB text WRITEUP
DotWidget For Articles 0.2 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
CVE-2006-7052 EXPLOITDB text WRITEUP
DotWidget For Articles 0.2 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
CVE-2006-7052 EXPLOITDB text WRITEUP
DotWidget For Articles 0.2 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
CVE-2006-7052 EXPLOITDB text WRITEUP
DotWidget For Articles 0.2 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
CVE-2009-3219 EXPLOITDB text WORKING POC
AR Web Content Manager 2.1 - Remote File Inclusion via 'a' Parameter
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
CVE-2010-2340 EXPLOITDB text WRITEUP
Arab Portal 2.2 - SQL Injection via Members.php by Parameter
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
CVE-2009-4862 EXPLOITDB text WORKING POC
Alwasel 1.5 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
EIP-2026-105334 EXPLOITDB php WORKING POC
AWCM CMS - Local File Inclusion
CVE-2006-6389 EXPLOITDB text WRITEUP
ac4p_mobile - Cross-Site Scripting via Taaa Parameter or Polls Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
CVE-2006-6389 EXPLOITDB text WRITEUP
ac4p_mobile - Cross-Site Scripting via Taaa Parameter or Polls Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.