brOmstar

3 exploits | Active since May 2005
CVE-2006-4142 | EXPLOITDB | text | WORKING POC
Virtual War <= 1.5.0 R14 - SQL Injection via Online.php n Parameter
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2007-2312 | EXPLOITDB | text | WORKING POC
Virtual War 1.5.0 R15 - SQL Injection via Online Parameter
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be the same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
CVE-2005-0859 | EXPLOITDB | text | WRITEUP
CzarNews 1.13b - Remote File Inclusion via tpath Parameter
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.