Cyb3r-1sT

59 exploits Active since May 2008
CVE-2009-1664 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Unauthenticated Password Change via myaccount.php
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
CVE-2009-1663 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Unauthenticated Arbitrary File Upload via myaccount.php
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.
CVE-2009-1655 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Authenticated SQL Injection via Userid Parameter
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.
CVE-2009-1654 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Cross-Site Scripting via questionid Parameter
Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
CVE-2008-6154 EXPLOITDB text WORKING POC
Hispah Text Links Ads 1.1 - SQL Injection via idcat Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
EIP-2026-119170 EXPLOITDB python WORKING POC
Steamcast - HTTP Request Remote Buffer Overflow (SEH) (2)
EIP-2026-119169 EXPLOITDB python WORKING POC
Steamcast - HTTP Request Remote Buffer Overflow (SEH) (1)
CVE-2008-5754 EXPLOITDB python WORKING POC
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
CVE-2009-1750 EXPLOITDB text WRITEUP
VidSharePro - Authenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
EIP-2026-113169 EXPLOITDB text WRITEUP
W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure
CVE-2008-6518 EXPLOITDB text WRITEUP
VidiScript - Authenticated Remote Code Execution via Avatar Upload
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
EIP-2026-112669 EXPLOITDB text WRITEUP
Ticket Support Script - 'ticket.php' Arbitrary File Upload
CVE-2008-5168 EXPLOITDB text WORKING POC
Tips Complete Website 1.2.0 - SQL Injection
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
CVE-2008-4039 EXPLOITDB text WORKING POC
spice_classifieds - SQL Injection via cat_path Parameter
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
CVE-2008-6358 EXPLOITDB text WORKING POC
Social Groupie - SQL Injection via id Parameter
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6367 EXPLOITDB text WRITEUP
Social Groupie - Authenticated Arbitrary File Upload via Photos/create_album.php
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.
CVE-2008-5166 EXPLOITDB text WORKING POC
Riddles Website 1.2.1 - SQL Injection
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
CVE-2009-2770 EXPLOITDB text WORKING POC
PowerUpload 2.4 - Unauthenticated Authentication Bypass via MIME-Encoded Admin Cookie
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
EIP-2026-110915 EXPLOITDB text WRITEUP
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
EIP-2026-111027 EXPLOITDB text WRITEUP
phpDatingClub - 'conf.inc' File Disclosure
EIP-2026-111041 EXPLOITDB text WRITEUP
phpEmployment - 'conf.inc' File Disclosure
EIP-2026-110916 EXPLOITDB text WORKING POC
phpAdBoardPro - 'config.inc' Configuration File Disclosure
EIP-2026-111069 EXPLOITDB text WORKING POC
phpGreetCards - Config File Disclosure
CVE-2008-2457 EXPLOITDB text WORKING POC
bitmixsoft php-jokesite 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-4716 EXPLOITDB text WORKING POC
PHP-Lance 1.52 - SQL Injection via show.php catid Parameter
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.