elgCrew

3 exploits Active since Dec 2006
CVE-2007-4174 EXPLOITDB html WORKING POC
Tor <0.1.2.16 - Command Injection
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
CVE-2007-4174 EXPLOITDB html WORKING POC
Tor <0.1.2.16 - Command Injection
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
CVE-2006-6912 EXPLOITDB php WORKING POC
Phpmyfaq < 1.6.7 - SQL Injection
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.