d3hydr8

10 exploits Active since Jul 2007
EIP-2026-115095 EXPLOITDB text WORKING POC
Core Impact 7.5 - Denial of Service
CVE-2007-5620 EXPLOITDB text WORKING POC
ZZ:FlashChat < 3.1 - Path Traversal via Help File Parameter
Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter.
CVE-2008-0465 EXPLOITDB text WORKING POC
Seagull 0.6.3 - Path Traversal via Files Parameter
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
CVE-2007-5816 EXPLOITDB text WRITEUP
CONTENTCustomizer <3.1mp - Info Disclosure
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
CVE-2007-5817 EXPLOITDB MEDIUM text WORKING POC
ContentCustomizer < 3.1mp - Cross-Site Scripting via Privileged Actions
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
CVSS 6.1
CVE-2007-3934 EXPLOITDB text STUB
BBS E-Market - Remote File Inclusion via p_mode Parameter
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
CVE-2010-0458 EXPLOITDB text WORKING POC
NetArt Media Blog System 1.5 - SQL Injection via cat or note Parameter
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
EIP-2026-105312 EXPLOITDB text WRITEUP
AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting
CVE-2007-4146 EXPLOITDB text WRITEUP
WebEvent <4.03 - XSS
Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4052 EXPLOITDB text WORKING POC
nukedit 4.9.7 - Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.