trew

7 exploits Active since Dec 2004
CVE-2004-2221 METASPLOIT ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2004-2221 EXPLOITDB ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2007-0388 EXPLOITDB perl WORKING POC
Woltlab Burning Board < 1.0.2 and <= 2.3.6 - SQL Injection via BoardID Parameters
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
CVE-2008-0400 EXPLOITDB text WRITEUP
Singapore modern template - Cross-Site Scripting via Gallery Parameter
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
CVE-2006-1356 EXPLOITDB text WORKING POC
LibVC 3 - Stack-Based Buffer Overflow via Long Line in vCard File
Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.
CVE-2004-2221 EXPLOITDB ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2008-0256 EXPLOITDB text WRITEUP
Matteo Binda ASP Photo Gallery 1.0 - SQL Injection via id or ricerca Parameter
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.