THUNDER

4 exploits Active since Jan 2005
CVE-2008-4141 EXPLOITDB text WORKING POC
X10media .x10 Automatic Mp3 Script - Code Injection
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.
CVE-2008-6960 EXPLOITDB text WORKING POC
X10media X10 Automatic Mp3 Script - Access Control
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
EIP-2026-114402 EXPLOITDB text WORKING POC
X10media Mp3 Search Engine < 1.6.2 - Admin Access
CVE-2005-0116 EXPLOITDB c WORKING POC
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.