d3hydr8

10 exploits Active since Jul 2007
EIP-2026-115095 EXPLOITDB text WORKING POC
Core Impact 7.5 - Denial of Service
CVE-2007-5620 EXPLOITDB text WORKING POC
Zehnet ZZ Flashchat < 3.1 - Path Traversal
Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter.
CVE-2008-0465 EXPLOITDB text WORKING POC
Seagull - Path Traversal
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
CVE-2007-5816 EXPLOITDB text WRITEUP
CONTENTCustomizer <3.1mp - Info Disclosure
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
CVE-2007-5817 EXPLOITDB MEDIUM text WORKING POC
CONTENTCustomizer <3.1mp - RCE
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
CVSS 6.1
CVE-2007-3934 EXPLOITDB text STUB
BBS E-Market - RCE
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
CVE-2010-0458 EXPLOITDB text WORKING POC
Netartmedia Blog System - SQL Injection
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
EIP-2026-105312 EXPLOITDB text WRITEUP
AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting
CVE-2007-4146 EXPLOITDB text WRITEUP
WebEvent <4.03 - XSS
Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4052 EXPLOITDB text WORKING POC
nukedit <4.9.7 - XSS
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.