cOndemned

40 exploits, active since Mar 2008
EIP-2026-108370 EXPLOITDB text WORKING POC
Joomla! Component com_hotspots - SQL Injection
CVE-2009-4426 EXPLOITDB text WORKING POC
Ignition 1.2 - Remote File Inclusion via Blog Parameter
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
CVE-2008-2337 EXPLOITDB text WORKING POC
IMGallery 2.5 - SQL Injection via kategoria or id_phot Parameter
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php, different vectors than CVE-2006-3163.
EIP-2026-107777 EXPLOITDB php WORKING POC
Ignition 1.3 - Remote Code Execution
EIP-2026-107776 EXPLOITDB text WORKING POC
Ignition 1.3 - 'page.php' Local File Inclusion
CVE-2008-2887 EXPLOITDB text WORKING POC
FubarForum 1.5 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-2129 EXPLOITDB php WORKING POC
Galleristic 1.0 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-5218 EXPLOITDB text WORKING POC
ScriptsEz FREEze Greetings 1.0 - Info Disclosure
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
CVE-2008-2896 EXPLOITDB text WORKING POC
FireAnt 1.3 - Remote Code Execution via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-5287 EXPLOITDB text WORKING POC
Werner Hilversum FAQ Manager 1.2 - SQL Injection
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-3718 EXPLOITDB text WORKING POC
cyberBB 0.6 - Authenticated SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
CVE-2008-3190 EXPLOITDB text WORKING POC
1Scripts CodeDB 1.1.1 - Remote File Inclusion via Lang Parameter Path Traversal
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-1607 EXPLOITDB perl WORKING POC
Serbay Arslanhan Bomba Haber 2.0 - SQL Injection
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
CVE-2008-5949 EXPLOITDB text WORKING POC
ccTiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
EIP-2026-105425 EXPLOITDB php WORKING POC
bbScript 1.1.2.1 - 'id' Blind SQL Injection