hadihadi

36 exploits, active since Dec 2007
CVE-2008-3564 EXPLOITDB text WORKING POC
Dayfox Blog 4 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-6438 EXPLOITDB perl WORKING POC
E107coders Macguru Blog Engine Plugin - SQL Injection
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVE-2008-6438 EXPLOITDB text WRITEUP
E107coders Macguru Blog Engine Plugin - SQL Injection
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
EIP-2026-105904 EXPLOITDB text WORKING POC
Clever Copy 3.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
CVE-2008-6473 EXPLOITDB text WORKING POC
Blogator-script - Credentials Management
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-0422 EXPLOITDB text WORKING POC
Boastmachine < 3.1 - SQL Injection
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1763 EXPLOITDB text WRITEUP
Blogator-script 0.95 - SQL Injection
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
CVE-2008-2117 EXPLOITDB text WRITEUP
Project Alumni - XSS
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
CVE-2008-2118 EXPLOITDB text WORKING POC
Project Alumni - SQL Injection
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6667 EXPLOITDB text WORKING POC
Marc Melvin A+ Php Scripts News Manag... - Authentication Bypass
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.