FarhadKey

13 exploits Active since Oct 2005
CVE-2006-3772 EXPLOITDB text WORKING POC
PHP-Post 0.21 and 1.0 - Unauthenticated Privilege Escalation via Login Cookie Manipulation
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
CVE-2006-2861 EXPLOITDB text WORKING POC
Particle Wiki <1.0.2 - SQL Injection
SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2006-2887 EXPLOITDB html WORKING POC
myNewsletter <1.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
CVE-2009-0300 EXPLOITDB text WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2636. Reason: This candidate is a duplicate of CVE-2006-2636. Notes: All CVE users should reference CVE-2006-2636 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2006-1377 EXPLOITDB text WRITEUP
EasyMoblog <0.5.1 & CoMoblog 1.1 - XSS
Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
CVE-2006-1377 EXPLOITDB text WRITEUP
EasyMoblog <0.5.1 & CoMoblog 1.1 - XSS
Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
CVE-2006-2541 EXPLOITDB text WORKING POC
Zixforum 1.12 - SQL Injection via layid Parameter
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
CVE-2006-2887 EXPLOITDB html WORKING POC
myNewsletter <1.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
CVE-2006-2737 EXPLOITDB html WORKING POC
Nukedit < 4.9.6 - Unauthenticated Arbitrary User Creation via GroupID Parameter
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
EIP-2026-100501 EXPLOITDB text WORKING POC
ProPublish 2.0 - 'catid' SQL Injection
EIP-2026-100580 EXPLOITDB html WORKING POC
Techno Dreams (Multiple Scripts) - Multiple SQL Injections
CVE-2005-3208 EXPLOITDB html WORKING POC
aenovo - SQL Injection via Password Parameter in control.asp
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
CVE-2006-4524 EXPLOITDB html WORKING POC
Digiappz Freekot 1.01 - SQL Injection via Login or Password Parameters
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.