cOndemned [ Dark-Coders ]

3 exploits Active since Aug 2008
CVE-2008-3848 EXPLOITDB text WORKING POC
Z-Breaknews 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4740 EXPLOITDB text WORKING POC
TinyCMS 1.1.2 - Remote File Inclusion via ZZ_Templater config[template] Parameter
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter.
CVE-2008-3718 EXPLOITDB text WORKING POC
cyberBB 0.6 - Authenticated SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.