AlpHaNiX

50 exploits, active since Dec 2008
EIP-2026-101075 EXPLOITDB perl WORKING POC
Sagem Routers - Remote Reset
CVE-2008-5589 EXPLOITDB text WORKING POC
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5588 EXPLOITDB text WORKING POC
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
EIP-2026-100509 EXPLOITDB text WRITEUP
QuickerSite Easy CMS - Database Disclosure
CVE-2008-5560 EXPLOITDB text WORKING POC
PostEcards - Info Disclosure
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
CVE-2008-5573 EXPLOITDB text WRITEUP
Poll Pro 2.0 - SQL Injection
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
CVE-2008-6153 EXPLOITDB text WORKING POC
Jayeshp Pixel8 Web Photo Album - SQL Injection
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
CVE-2008-5602 EXPLOITDB text WRITEUP
Natterchat 1.12 - Info Disclosure
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
CVE-2008-5767 EXPLOITDB text WRITEUP
gNews Publisher - SQL Injection
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
CVE-2008-6354 EXPLOITDB text WRITEUP
Thenetguys Aspired2poll - Access Control
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
CVE-2008-6355 EXPLOITDB text WRITEUP
Thenetguys Aspired2protect - Access Control
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
CVE-2008-5772 EXPLOITDB text WORKING POC
ASPSiteWare RealtyListings <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
CVE-2008-5774 EXPLOITDB text WORKING POC
ASPSiteWare HomeBuilder <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
CVE-2008-5608 EXPLOITDB text WRITEUP
ASP AutoDealer - Info Disclosure
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
CVE-2008-5605 EXPLOITDB text WORKING POC
ASP Portal - SQL Injection
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
EIP-2026-100319 EXPLOITDB perl WORKING POC
Exjune Guestbook 2.0 - Remote Database Disclosure
CVE-2008-6374 EXPLOITDB text WRITEUP
Codefixer Mailinglistpro - Access Control
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
CVE-2008-5893 EXPLOITDB text WORKING POC
ClickAndEmail - XSS
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
CVE-2008-5889 EXPLOITDB text WRITEUP
Click&Rank - XSS
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
EIP-2026-100203 EXPLOITDB text WORKING POC
Click&BaneX - Multiple SQL Injections
CVE-2008-6324 EXPLOITDB text WORKING POC
Cfmsource CF Forum - SQL Injection
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6319 EXPLOITDB perl WORKING POC
Cfmsource CF Calendar - SQL Injection
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
CVE-2008-6323 EXPLOITDB text WRITEUP
Cfmsource CF Auction - SQL Injection
SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6322 EXPLOITDB text WRITEUP
Cfmsource Cfmblog - SQL Injection
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
CVE-2008-6321 EXPLOITDB text WORKING POC
Cfshopkart CF Shopkart - Access Control
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.