nukeit

9 exploits Active since Dec 2008
CVE-2008-5859 EXPLOITDB text WRITEUP
Constructr CMS <3.02.5 - SQL Injection
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.
CVE-2008-5847 EXPLOITDB text WRITEUP
Constructr CMS <3.02.5 - Info Disclosure
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
CVE-2008-6851 EXPLOITDB text WORKING POC
PHP Link Directory 3.3 - SQL Injection via page.php name Parameter
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2009-0286 EXPLOITDB text WORKING POC
OpenGoo 1.1 - Path Traversal via form_data[script_class] Parameter
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
CVE-2008-5890 EXPLOITDB text WORKING POC
injader < 2.1.2 - SQL Injection via id Parameter
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3167 EXPLOITDB text WORKING POC
Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2008-5860 EXPLOITDB text WRITEUP
Constructr CMS <3.02.5 - Path Traversal
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
CVE-2008-5856 EXPLOITDB text WRITEUP
ClaSS < 0.8.60 - Path Traversal via ftype Parameter
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
CVE-2008-5748 EXPLOITDB HIGH text WORKING POC
BloofoxCMS 0.3.4 - Path Traversal via Lang Theme or Module Parameter
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
CVSS 8.1