mh_p0rtal

5 exploits Active since May 2005
CVE-2005-2058 EXPLOITDB php WORKING POC
UBB.Threads - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-1787 EXPLOITDB php WORKING POC
phpstat 1.5 - Unauthenticated Authentication Bypass via $check Variable
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
CVE-2005-1375 EXPLOITDB php WORKING POC
Claroline 1.5.3-1.6 RC - SQL Injection
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
CVE-2005-1779 EXPLOITDB php WORKING POC
MaxWebPortal 1.35, 1.36, 2.0, 20050418 Next - SQL Injection via memKey Parameter
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
CVE-2005-2067 EXPLOITDB perl WORKING POC
asp-nuke - SQL Injection via article.asp articleid Parameter
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter.