G00db0y

31 exploits, active since Aug 2003
EIP-2026-112430 EXPLOITDB text WORKING POC
Stellar Docs 1.2 - Full Path Disclosure
CVE-2003-1088 EXPLOITDB text WORKING POC
Zorum 3.4 and 3.5 - Cross-Site Scripting via Method Parameter
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
CVE-2004-0327 EXPLOITDB text WRITEUP
PhpNewsManager 1.46 - Directory Traversal via clang Parameter
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
EIP-2026-109913 EXPLOITDB text WRITEUP
News Wizard 2.0 - Full Path Disclosure
EIP-2026-107632 EXPLOITDB text WORKING POC
HostAdmin - Full Path Disclosure
CVE-2004-0302 EXPLOITDB text WORKING POC
fools_workshop owls_workshop - Directory Traversal via File Parameter
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Unauthenticated Arbitrary File Read via Path Traversal
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0302 EXPLOITDB text WORKING POC
fools_workshop owls_workshop - Directory Traversal via File Parameter
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
EIP-2026-107358 EXPLOITDB text WRITEUP
geeeekShop 1.4 - Information Disclosure
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Unauthenticated Arbitrary File Read via Path Traversal
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Unauthenticated Arbitrary File Read via Path Traversal
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0302 EXPLOITDB text WORKING POC
fools_workshop owls_workshop - Directory Traversal via File Parameter
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Online Store Kit 3.0 - SQL Injection via shop.php cat Parameter
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Online Store Kit 3.0 - SQL Injection via shop.php cat Parameter
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Online Store Kit 3.0 - SQL Injection via shop.php cat Parameter
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
EIP-2026-106381 EXPLOITDB text WORKING POC
DCForum+ 1.2 - 'Subject' HTML Injection
EIP-2026-105458 EXPLOITDB text WORKING POC
Better Basket Pro 3.0 Store Builder - Full Path Disclosure
EIP-2026-105668 EXPLOITDB text WRITEUP
C-Cart 1.0 - Full Path Disclosure
CVE-2004-0275 EXPLOITDB text WRITEUP
BosDates <= 3.2 - SQL Injection via Calendar Parameter
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.
CVE-2004-2175 EXPLOITDB text WRITEUP
ReviewPost PHP Pro - SQL Injection via Product or Category Parameter
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-2175 EXPLOITDB text WRITEUP
ReviewPost PHP Pro - SQL Injection via Product or Category Parameter
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-0293 EXPLOITDB text WRITEUP
ShopCartCGI 2.3 - Directory Traversal via gotopage.cgi or genindexpage.cgi
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in an HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2004-0293 EXPLOITDB text WRITEUP
ShopCartCGI 2.3 - Directory Traversal via gotopage.cgi or genindexpage.cgi
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in an HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2003-0557 EXPLOITDB text WORKING POC
StoreFront < 6.0 - SQL Injection via Login Password Field
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
EIP-2026-100507 EXPLOITDB WORKING POC
QuadComm Q-Shop 2.5 - Failure To Validate Credentials