r3dm0v3

6 exploits Active since Sep 2008
CVE-2008-4613 EXPLOITDB text WORKING POC
PortalApp 4.0 - SQL Injection via forums.asp sortby Parameter
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-4612 EXPLOITDB text WORKING POC
PortalApp 4.0 - Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.
CVE-2008-4351 EXPLOITDB text WORKING POC
phpSmartCom 0.2 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter.
CVE-2008-4352 EXPLOITDB text WORKING POC
phpSmartCom 0.2 - SQL Injection via UID Parameter
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
CVE-2008-5582 EXPLOITDB perl WORKING POC
Nukedit 4.9.x - SQL Injection via Email Parameter
SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2008-4614 EXPLOITDB text WORKING POC
PortalApp 4.0 - Unauthenticated Forum and Content Management via forums.asp and content.asp
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.