cOndemned

40 exploits Active since Mar 2008
EIP-2026-108370 EXPLOITDB text WORKING POC
Joomla! Component com_hotspots - SQL Injection
CVE-2009-4426 EXPLOITDB text WORKING POC
Ignition 1.2 - Path Traversal
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
CVE-2008-2337 EXPLOITDB text WORKING POC
IMGallery - SQL Injection
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php, different vectors than CVE-2006-3163.
EIP-2026-107777 EXPLOITDB php WORKING POC
Ignition 1.3 - Remote Code Execution
EIP-2026-107776 EXPLOITDB text WORKING POC
Ignition 1.3 - 'page.php' Local File Inclusion
CVE-2008-2887 EXPLOITDB text WORKING POC
Chaozzatwork Fubarforum - Path Traversal
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-2129 EXPLOITDB php WORKING POC
Cine Galleristic - SQL Injection
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-5218 EXPLOITDB text WORKING POC
ScriptsEz FREEze Greetings 1.0 - Info Disclosure
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
CVE-2008-2896 EXPLOITDB text WORKING POC
FireAnt - Path Traversal
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-5287 EXPLOITDB text WORKING POC
Werner Hilversum FAQ Manager 1.2 - SQL Injection
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-3718 EXPLOITDB text WORKING POC
cyberBB 0.6 - SQL Injection
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
CVE-2008-3190 EXPLOITDB text WORKING POC
CodeDB 1.1.1 - Path Traversal
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-1607 EXPLOITDB perl WORKING POC
Serbay Arslanhan Bomba Haber 2.0 - SQL Injection
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
CVE-2008-5949 EXPLOITDB text WORKING POC
ccTiddly 1.7.4-1.7.6 - RCE
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
EIP-2026-105425 EXPLOITDB php WORKING POC
bbScript 1.1.2.1 - 'id' Blind SQL Injection