Y! Underground Group

7 exploits Active since May 2007
CVE-2008-0245 EXPLOITDB php WORKING POC
UploadImage 1.0 - Unauthenticated Privilege Escalation via Password Change
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2008-0246 EXPLOITDB php WORKING POC
UploadScript 1.0 - Unauthenticated Privilege Escalation via admin.php Pass Parameter
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2007-2642 EXPLOITDB text WRITEUP
R2K Gallery 1.7 - Directory Traversal via lang2 Parameter
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
CVE-2007-2899 EXPLOITDB php WORKING POC
NavBoard 2.6.0 - Remote Code Execution via admin_config.php Parameter Injection
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
CVE-2007-2647 EXPLOITDB php WORKING POC
Monalbum 0.8.7 - Authenticated PHP Code Injection via Admin Configuration Parameters
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.
CVE-2007-2643 EXPLOITDB text WORKING POC
PinkCrow Designs Gallery/maGAZIn 2.0 - Path Traversal
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
EIP-2026-103609 EXPLOITDB html WORKING POC
Opera 9.10 - 'alert()' Remote Denial of Service