cr4wl3r

143 exploits | Active since Jan 2006
EIP-2026-114880 EXPLOITDB perl WORKING POC
AKoff MIDI Player 1.00 - Buffer Overflow
EIP-2026-114599 EXPLOITDB text WORKING POC
Zen Time Tracking 2.2 - Multiple SQL Injections
CVE-2010-1053 EXPLOITDB text WORKING POC
Zen Time Tracking <2.2 - SQL Injection
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information.
EIP-2026-113215 EXPLOITDB text WORKING POC
Web Cookbook - Multiple Vulnerabilities
CVE-2010-1267 EXPLOITDB text WORKING POC
WebMaid CMS <0.2-6 - Path Traversal
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
EIP-2026-113052 EXPLOITDB text WORKING POC
Velhost Uploader Script 1.2 - Local File Inclusion
EIP-2026-113095 EXPLOITDB text WORKING POC
Vieassociative Openmairie 1.01 Beta - Local File Inclusion / Remote File Inclusion
CVE-2010-0958 EXPLOITDB text WORKING POC
Tribisur <2.1 - Path Traversal
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1366 EXPLOITDB text WORKING POC
Uiga Fan Club <1.0 - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
EIP-2026-112889 EXPLOITDB text WORKING POC
Ultra Light Forum - Persistent Cross-Site Scripting
EIP-2026-112629 EXPLOITDB text WORKING POC
Thatware 0.5.3 - Multiple Remote File Inclusions
EIP-2026-112177 EXPLOITDB text WORKING POC
SiSplet CMS 2008-01-24 - Multiple Remote File Inclusions
EIP-2026-112334 EXPLOITDB text WORKING POC
SOFTSAURUS 2.01 - Multiple Remote File Inclusions
EIP-2026-112176 EXPLOITDB text WRITEUP
Sisfokol 4.0 - Arbitrary File Upload
CVE-2009-4231 EXPLOITDB text WORKING POC
SweetRice <0.5.3 - Path Traversal
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVE-2006-4278 EXPLOITDB php WORKING POC
SportsPHool 1.0 - RCE
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.
EIP-2026-111901 EXPLOITDB text WORKING POC
Saurus CMS 4.6.4 - Multiple Remote File Inclusions
EIP-2026-111897 EXPLOITDB text WRITEUP
Saskia's ShopSystem - 'id' Local File Inclusion
EIP-2026-111894 EXPLOITDB text WORKING POC
SAPID SHOP 1.3 - Remote File Inclusion
EIP-2026-111721 EXPLOITDB text WORKING POC
ReciPHP 1.1 - SQL Injection
CVE-2010-1046 EXPLOITDB text WORKING POC
Rostermain <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
CVE-2009-4581 EXPLOITDB CRITICAL text WORKING POC
RoseOnlineCMS <3 B1 - Path Traversal
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.
CVSS 9.8
CVE-2010-1743 EXPLOITDB text WORKING POC
Satyadeep Scratcher - SQL Injection
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111814 EXPLOITDB text WORKING POC
RTTucson Quotations Database Script - Authentication Bypass
EIP-2026-111794 EXPLOITDB text WORKING POC
RoseOnlineCMS 3 B1 - Remote Authentication Bypass