AkaStep - Security Researcher - Exploit Intelligence Platform

EIP-2026-109591 EXPLOITDB text WRITEUP

MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure

View Code

CVE-2012-4254 EXPLOITDB text WRITEUP

mysqldumper 1.24.4 - Exposure of Sensitive Information via Direct Request to Restore or Dump Script

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.

View Code

CVE-2012-4251 EXPLOITDB text WRITEUP

MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.

View Code

CVE-2012-4251 EXPLOITDB text WRITEUP

MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.

View Code

EIP-2026-109805 EXPLOITDB php WORKING POC

MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution

View Code

CVE-2012-4252 EXPLOITDB text WRITEUP

MySQLDumper 1.24.4 - Cross-Site Request Forgery via Multiple Administrative Actions

Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.

View Code

CVE-2012-4251 EXPLOITDB text WRITEUP

MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.

View Code

CVE-2012-4251 EXPLOITDB text WRITEUP

MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.

View Code

CVE-2012-4253 EXPLOITDB text WRITEUP

mysqldumper 1.24.4 - Path Traversal via Language Parameter

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.

View Code

EIP-2026-107432 EXPLOITDB text WORKING POC

Glossword 1.8.3 - SQL Injection

View Code

EIP-2026-105867 EXPLOITDB text WORKING POC

CKEditor 4.0.1 - Multiple Vulnerabilities

View Code

EIP-2026-106176 EXPLOITDB text WRITEUP

Cotonti - 'admin.php' SQL Injection

View Code

EIP-2026-106129 EXPLOITDB text WRITEUP

Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload

View Code

EIP-2026-106122 EXPLOITDB perl WORKING POC

Concrete CMS < 5.5.21 - Multiple Vulnerabilities

View Code

EIP-2026-105944 EXPLOITDB text WORKING POC

ClipShare 4.1.4 - Multiple Vulnerabilities

View Code

EIP-2026-105865 EXPLOITDB text WORKING POC

CKEditor - 'posteddata.php' Cross-Site Scripting

View Code

CVE-2012-2919 EXPLOITDB text WRITEUP

Chevereto 1.9.1 - Path Traversal via Upload Engine v Parameter

Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.

View Code

CVE-2012-2918 EXPLOITDB text WRITEUP

Chevereto 1.91 - Cross-Site Scripting via Upload Engine v Parameter

Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.

View Code

EIP-2026-105346 EXPLOITDB text WORKING POC

AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities

View Code

EIP-2026-105059 EXPLOITDB text WRITEUP

Ajaxmint Gallery 1.0 - Local File Inclusion

View Code

CVE-2012-4253 EXPLOITDB text WRITEUP

mysqldumper 1.24.4 - Path Traversal via Language Parameter

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.

View Code

EIP-2026-103915 EXPLOITDB text WRITEUP

Greenstone - Multiple Vulnerabilities

View Code