learn3r hacker

9 exploits Active since Jun 2006
CVE-2009-3327 EXPLOITDB text WRITEUP
WX-Guestbook 1.1.208 - SQL Injection via QUERY or USERNAME Parameter
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6614 EXPLOITDB text WRITEUP
Implied By Design Micro CMS 3.5 - SQL Injection via Login Username or Password Parameter
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).
CVE-2006-3144 EXPLOITDB text WRITEUP
Implied By Design Micro CMS <3.5 - RCE
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
EIP-2026-111562 EXPLOITDB text WORKING POC
PSI CMS 0.3.1 - SQL Injection
EIP-2026-111576 EXPLOITDB text WRITEUP
Public Media Manager - SQL Injection
CVE-2009-3315 EXPLOITDB text WRITEUP
NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 - SQL Injection via Username Field
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
CVE-2009-3313 EXPLOITDB text WRITEUP
FMyClone 2.3 - SQL Injection via comp Parameter
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.
CVE-2009-3309 EXPLOITDB text WRITEUP
CF ShopKart 5.4 beta - SQL Injection via index.cfm itemid Parameter
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.
CVE-2009-3328 EXPLOITDB text WRITEUP
WX-Guestbook 1.1.208 - Cross-Site Scripting via sName Parameter
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.