b3hz4d

10 exploits Active since Oct 2008
EIP-2026-117749 EXPLOITDB perl WORKING POC
Password Door 8.4 - Local Buffer Overflow
CVE-2009-2896 EXPLOITDB perl WORKING POC
KMplayer < 2.9.4.1433 - Buffer Overflow via Subtitle Playlist File
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
CVE-2008-7075 EXPLOITDB text WRITEUP
Kalptaru Infotech Stararticles - SQL Injection
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6389 EXPLOITDB text WRITEUP
Rae Media Contact Management Software - SQL Injection via Password Parameter
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5590 EXPLOITDB text WORKING POC
Kalptaru Infotech Product Sale Framework 0.1 - SQL Injection
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
EIP-2026-110876 EXPLOITDB perl WORKING POC
PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (2)
EIP-2026-110875 EXPLOITDB php WORKING POC
PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (1)
CVE-2008-6112 EXPLOITDB text WRITEUP
Ez Ringtone Manager - Path Traversal
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.
CVE-2008-4759 EXPLOITDB text WORKING POC
buzzywall 1.3.1 - Path Traversal via Download ID Parameter
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
CVE-2009-0821 EXPLOITDB html WORKING POC
Firefox < 2.0.0.20 - Denial of Service via Nested window.print Calls
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.