Tryag-Team

9 exploits Active since Dec 2007
CVE-2008-2342 EXPLOITDB text WORKING POC
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2341 EXPLOITDB text WORKING POC
News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
CVE-2008-2340 EXPLOITDB text WORKING POC
News Manager 2.0 - SQL Injection via lang or pid Parameter
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2007-6553 EXPLOITDB text WORKING POC
TeamCal Pro < 3.1.000 - Remote Code Execution via CONF[app_root] Parameter
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
CVE-2007-6554 EXPLOITDB text WORKING POC
TeamCal Pro <3.1.000 - Path Traversal
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
CVE-2008-2343 EXPLOITDB text WORKING POC
News Manager 2.0 - Information Disclosure via Direct Request
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2007-6653 EXPLOITDB text WORKING POC
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-0091 EXPLOITDB text WORKING POC
agency4net WEBFTP 1 - Path Traversal and Arbitrary File Read/Delete via download2.php file Parameter
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.