BlackHawk

33 exploits, active since Feb 2005
EIP-2026-108065 EXPLOITDB php WORKING POC
JaxUltraBB 2.0 - Command Execution
CVE-2007-2988 EXPLOITDB php WORKING POC
Inout Meta Search Engine - Code Injection
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.
CVE-2008-0351 EXPLOITDB php WORKING POC
Evilsentinel < 1.0.9 - Authentication Bypass
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
EIP-2026-106031 EXPLOITDB php WORKING POC
CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution
CVE-2007-2775 EXPLOITDB php WORKING POC
AlstraSoft Live Support <1.21 - Open Redirect
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
CVE-2007-2777 EXPLOITDB php WORKING POC
AlstraSoft Template Seller Pro <3.25 - RCE
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
CVE-2007-2776 EXPLOITDB php WORKING POC
AlstraSoft Template Seller Pro <3.25 - Auth Bypass
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
CVE-2007-2824 EXPLOITDB php WORKING POC
AlstraSoft E-Friends <4.21 - SQL Injection
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.