WiLdBoY

10 exploits, active since Mar 2007
CVE-2007-1440 EXPLOITDB html WORKING POC
JGBBS 3.0 Beta 1 - SQL Injection via Search Author Parameter
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVE-2007-2180 EXPLOITDB perl WORKING POC
Nullsoft Winamp 5.3 - Denial of Service via Crafted WMV File
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2007-2367 EXPLOITDB perl WORKING POC
Wserve HTTP Server <4.6 - Buffer Overflow
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
CVE-2007-1517 EXPLOITDB html WORKING POC
WSN Guest 1.02 and 1.21 - SQL Injection via id Parameter
SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3311 EXPLOITDB perl WORKING POC
Xoops Articles Module < 1.02 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1510 EXPLOITDB html WORKING POC
Particle Blogger 1.0.0-1.2.0 - SQL Injection via postid Parameter
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2007-1417 EXPLOITDB text WRITEUP
HC NEWSSYSTEM 1.0-4 - SQL Injection via ID Parameter
SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
CVE-2007-1572 EXPLOITDB html WORKING POC
JGBBS < 3.0 - SQL Injection via search.asp title parameter
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1471 EXPLOITDB html WORKING POC
Orion-Blog 2.0 - Unauthenticated Privilege Escalation via Direct AdminBlogNewsEdit.asp Access
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
CVE-2007-1469 EXPLOITDB text WORKING POC
Absolute Image Gallery 2.0 - SQL Injection via categoryid Parameter
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.