AtT4CKxT3rR0r1ST

99 exploits Active since Jul 2007
CVE-2014-1636 EXPLOITDB text WRITEUP
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
CVE-2014-1915 EXPLOITDB html WORKING POC
Command School Student Management System 1.06.01 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.
EIP-2026-105859 EXPLOITDB text WRITEUP
cityadmin - 'links.php' Blind SQL Injection
EIP-2026-106244 EXPLOITDB text WORKING POC
crownweb - 'page.cfm' SQL Injection
EIP-2026-106235 EXPLOITDB text WORKING POC
Creative SplashWorks-SplashSite - 'page.php' Blind SQL Injection
CVE-2014-1637 EXPLOITDB text WRITEUP
Command School Student Management System <1.06.01 - Info Disclosure
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
EIP-2026-105588 EXPLOITDB text WORKING POC
Booking Calendar - Multiple Vulnerabilities
EIP-2026-105547 EXPLOITDB text WORKING POC
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
EIP-2026-105546 EXPLOITDB text WORKING POC
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
EIP-2026-105541 EXPLOITDB text WORKING POC
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
EIP-2026-105540 EXPLOITDB text WORKING POC
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
EIP-2026-105539 EXPLOITDB html WORKING POC
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
EIP-2026-105646 EXPLOITDB html WORKING POC
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
EIP-2026-105113 EXPLOITDB html WORKING POC
Allomani Web Links 1.0 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105112 EXPLOITDB html WORKING POC
Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105109 EXPLOITDB html WORKING POC
Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105108 EXPLOITDB html WORKING POC
Allomani Movies Library 2.0 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105107 EXPLOITDB html WORKING POC
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (2)
EIP-2026-105105 EXPLOITDB html WORKING POC
Allomani Audio and Video Library 2.7.0 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105051 EXPLOITDB text WORKING POC
Ajax Availability Calendar 3.x - Multiple Vulnerabilities