virangar security team

31 exploits Active since Jan 2008
CVE-2008-6438 EXPLOITDB perl WORKING POC
E107coders Macguru Blog Engine Plugin - SQL Injection
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVE-2008-3564 EXPLOITDB text WORKING POC
Dayfox Blog 4 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-1763 EXPLOITDB text WRITEUP
Blogator-script 0.95 - SQL Injection
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
CVE-2008-0422 EXPLOITDB text WORKING POC
Boastmachine < 3.1 - SQL Injection
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6473 EXPLOITDB text WORKING POC
Blogator-script - Credentials Management
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-6667 EXPLOITDB text WORKING POC
Marc Melvin A+ Php Scripts News Manag... - Authentication Bypass
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.