G00db0y

31 exploits, active since Aug 2003
EIP-2026-112430 EXPLOITDB text WORKING POC
Stellar Docs 1.2 - Full Path Disclosure
CVE-2003-1088 EXPLOITDB text WORKING POC
Phpoutsourcing Zorum - XSS
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
CVE-2004-0327 EXPLOITDB text WRITEUP
Skintech Phpnewsmanager - Path Traversal
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
EIP-2026-109913 EXPLOITDB text WRITEUP
News Wizard 2.0 - Full Path Disclosure
EIP-2026-107632 EXPLOITDB text WORKING POC
HostAdmin - Full Path Disclosure
CVE-2004-0302 EXPLOITDB text WORKING POC
Fools Workshop Owls Workshop - Path Traversal
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Info Disclosure
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0302 EXPLOITDB text WORKING POC
Fools Workshop Owls Workshop - Path Traversal
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
EIP-2026-107358 EXPLOITDB text WRITEUP
geeeekShop 1.4 - Information Disclosure
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Info Disclosure
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0303 EXPLOITDB text WRITEUP
OWLS 1.0 - Info Disclosure
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0302 EXPLOITDB text WORKING POC
Fools Workshop Owls Workshop - Path Traversal
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Ecommerce Corporation Online Store Kit - SQL Injection
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Ecommerce Corporation Online Store Kit - SQL Injection
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0300 EXPLOITDB text WRITEUP
Ecommerce Corporation Online Store Kit - SQL Injection
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
EIP-2026-106381 EXPLOITDB text WORKING POC
DCForum+ 1.2 - 'Subject' HTML Injection
EIP-2026-105458 EXPLOITDB text WORKING POC
Better Basket Pro 3.0 Store Builder - Full Path Disclosure
EIP-2026-105668 EXPLOITDB text WRITEUP
C-Cart 1.0 - Full Path Disclosure
CVE-2004-0275 EXPLOITDB text WRITEUP
Bosdev Bosdates - SQL Injection
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.
CVE-2004-2175 EXPLOITDB text WRITEUP
ReviewPost PHP Pro - SQL Injection
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-2175 EXPLOITDB text WRITEUP
ReviewPost PHP Pro - SQL Injection
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-0293 EXPLOITDB text WRITEUP
Shopcartcgi - Path Traversal
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in an HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2004-0293 EXPLOITDB text WRITEUP
Shopcartcgi - Path Traversal
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in an HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2003-0557 EXPLOITDB text WORKING POC
StoreFront 6.0 - SQL Injection
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
EIP-2026-100507 EXPLOITDB WORKING POC
QuadComm Q-Shop 2.5 - Failure To Validate Credentials