virangar security team

31 exploits, active since Jan 2008
CVE-2008-6438 EXPLOITDB perl WORKING POC
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVE-2008-3564 EXPLOITDB text WORKING POC
Dayfox Blog 4 - Remote File Inclusion via Path Traversal in p, cat, and archive Parameters
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-1763 EXPLOITDB text WRITEUP
Blogator-script 0.95 - SQL Injection
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
CVE-2008-0422 EXPLOITDB text WORKING POC
boastMachine < 3.1 - SQL Injection via mail.php id Parameter
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6473 EXPLOITDB text WORKING POC
Blogator-script 0.95 - Unauthenticated Arbitrary Password Change via Wildcard Parameter Injection
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-6667 EXPLOITDB text WORKING POC
A+ PHP Scripts News Management System - Unauthenticated Authentication Bypass via Cookie Manipulation
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.