matrix_killer

7 exploits Active since Aug 2005
CVE-2005-2648 EXPLOITDB text WORKING POC
W-Agora 4.2.0 - Directory Traversal via Site Parameter
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.
CVE-2006-0444 EXPLOITDB perl WORKING POC
phpclanwebsite 1.23.1 - SQL Injection via Forum Post Par Parameter
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
CVE-2006-1425 EXPLOITDB text WRITEUP
phpmyfamily 1.4.1 - Cross-Site Scripting via Track.php Name Parameter
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2005-2675 EXPLOITDB text WRITEUP
Land Down Under 800 - SQL Injection
Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.
CVE-2005-2788 EXPLOITDB text WRITEUP
Land Down Under <801 - SQL Injection
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
CVE-2005-2788 EXPLOITDB text WRITEUP
Land Down Under <801 - SQL Injection
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
CVE-2005-2649 EXPLOITDB text WORKING POC
ATutor 1.5.1 - Cross-Site Scripting via Course Parameter or Search Words
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.