shinmai

5 exploits Active since Jan 2008
CVE-2008-0397 EXPLOITDB text WRITEUP
aflog 1.01 - SQL Injection via Comments ID Parameter
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
CVE-2008-5195 EXPLOITDB text WORKING POC
SebracCMS 0.4 - SQL Injection via recid Parameter
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
CVE-2008-0435 EXPLOITDB text WRITEUP
ozjournals 2.1.1 - Path Traversal via Print Preview ID Parameter
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
CVE-2008-0357 EXPLOITDB perl WORKING POC
Galaxyscripts Mini File Host < 1.2.1 - Unauthenticated Path Traversal via Language Parameter
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2008-0398 EXPLOITDB text WRITEUP
aflog < 1.01 - Cross-Site Scripting via Comment Form
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.