Diabolic Crab - Security Researcher - Exploit Intelligence Platform

CVE-2004-1558 EXPLOITDB c WORKING POC

YPOPs! 0.4-0.6 - Stack-Based Buffer Overflow via Long POP3 USER Command or SMTP Request

Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.

View Code

EIP-2026-112948 EXPLOITDB text WORKING POC

Valdersoft Shopping Cart 3.0 - Multiple Input Validation Vulnerabilities

View Code

EIP-2026-111246 EXPLOITDB text WORKING POC

phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal

View Code

CVE-2005-1005 EXPLOITDB text WRITEUP

ProfitCode PayProCart 3.0 - Auth Bypass

ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.

View Code

CVE-2005-1004 EXPLOITDB text WRITEUP

ProfitCode PayProCart 3.0 - Cross-Site Scripting via usrdetails.php sgnuptype Parameter

Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.

View Code

CVE-2005-0928 EXPLOITDB text WRITEUP

PhotoPost PHP Pro 5.x - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

View Code

CVE-2005-0928 EXPLOITDB text WRITEUP

PhotoPost PHP Pro 5.x - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

View Code

CVE-2005-0929 EXPLOITDB text WRITEUP

PhotoPost PHP Pro <5.x - SQL Injection

SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.

View Code

CVE-2005-0929 EXPLOITDB text WRITEUP

PhotoPost PHP Pro <5.x - SQL Injection

SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.

View Code

CVE-2005-0928 EXPLOITDB text WRITEUP

PhotoPost PHP Pro 5.x - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

View Code

CVE-2005-0962 EXPLOITDB text WRITEUP

Lighthouse Squirrelcart - SQL Injection

SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.

View Code

EIP-2026-106958 EXPLOITDB text WORKING POC

EXoops - Multiple Input Validation Vulnerabilities

View Code

EIP-2026-106827 EXPLOITDB text WRITEUP

Elemental Software CartWIZ 1.20 - Multiple SQL Injections

View Code

CVE-2005-0948 EXPLOITDB text WRITEUP

PortalApp - SQL Injection via ad_click.asp banner_id Parameter

SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.

View Code

EIP-2026-100223 EXPLOITDB text WRITEUP

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple SQL Injections

View Code

EIP-2026-100282 EXPLOITDB text WORKING POC

Dragonfly Commerce 1.0 - Multiple SQL Injections

View Code

EIP-2026-100222 EXPLOITDB text WORKING POC

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities

View Code