AlpHaNiX

50 exploits Active since Dec 2008
EIP-2026-101075 EXPLOITDB perl WORKING POC
Sagem Routers - Remote Reset
CVE-2008-5589 EXPLOITDB text WORKING POC
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5588 EXPLOITDB text WORKING POC
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
EIP-2026-100509 EXPLOITDB text WRITEUP
QuickerSite Easy CMS - Database Disclosure
CVE-2008-5560 EXPLOITDB text WORKING POC
PostEcards - Unauthenticated Sensitive Information Exposure via Direct Database File Access
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
CVE-2008-5573 EXPLOITDB text WRITEUP
Poll Pro 2.0 - SQL Injection via Login Username or Password Parameter
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
CVE-2008-6153 EXPLOITDB text WORKING POC
Jay Patel Pixel8 Web Photo Album 3.0 - SQL Injection via AlbumID Parameter
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
CVE-2008-5602 EXPLOITDB text WRITEUP
natterchat 1.12 - Unauthenticated Sensitive Information Exposure via Direct Database File Request
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
CVE-2008-5767 EXPLOITDB text WRITEUP
gNews Publisher - SQL Injection via authorID Parameter
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
CVE-2008-6354 EXPLOITDB text WRITEUP
The Net Guys ASPired2poll - Unauthenticated Sensitive Information Exposure via Direct Database Download
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
CVE-2008-6355 EXPLOITDB text WRITEUP
ASPired2Protect - Unauthenticated Sensitive Information Exposure via Direct Database Download
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
CVE-2008-5772 EXPLOITDB text WORKING POC
ASPSiteWare RealtyListings <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
CVE-2008-5774 EXPLOITDB text WORKING POC
ASPSiteWare HomeBuilder <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
CVE-2008-5608 EXPLOITDB text WRITEUP
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
CVE-2008-5605 EXPLOITDB text WORKING POC
ASP Portal - SQL Injection
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
EIP-2026-100319 EXPLOITDB perl WORKING POC
Exjune Guestbook 2.0 - Remote Database Disclosure
CVE-2008-6374 EXPLOITDB text WRITEUP
MailingListPro Free Edition - Information Disclosure via Direct Request
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
CVE-2008-5893 EXPLOITDB text WORKING POC
ClickAndEmail - Cross-Site Scripting via tablename Parameter in admin_dblayers.asp
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
CVE-2008-5889 EXPLOITDB text WRITEUP
Click&Rank - Cross-Site Scripting via user.asp action parameter
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
EIP-2026-100203 EXPLOITDB text WORKING POC
Click&BaneX - Multiple SQL Injections
CVE-2008-6324 EXPLOITDB text WORKING POC
CF_Forum - SQL Injection via categorynbr Parameter
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6319 EXPLOITDB perl WORKING POC
CF_Calendar - SQL Injection via calid Parameter
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
CVE-2008-6323 EXPLOITDB text WRITEUP
CFMSource CF_Auction - SQL Injection via forummessages.cfm categorynbr Parameter
SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6322 EXPLOITDB text WRITEUP
CFMSource CFMBlog - SQL Injection via categorynbr Parameter
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6321 EXPLOITDB text WORKING POC
CF Shopkart 5.2.2 - Unauthenticated Sensitive Information Exposure via Database File Access
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.