G4N0K

66 exploits, active since Dec 2006
EIP-2026-113092 EXPLOITDB php WORKING POC
VideoScript 3.0 < 4.1.5.55 - 'Unofficial' Shell Injection
CVE-2008-6629 EXPLOITDB text WORKING POC
Webbdomain Webshop Online - XSS
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2008-5219 EXPLOITDB php WORKING POC
VideoScript <4.0.1.50 - Auth Bypass
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
EIP-2026-113091 EXPLOITDB php WORKING POC
VideoScript 3.0 < 4.0.1.50 - 'Official' Shell Injection
CVE-2008-6941 EXPLOITDB text WRITEUP
Turnkeyforms Web Hosting Directory - SQL Injection
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
EIP-2026-112556 EXPLOITDB text WORKING POC
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
CVE-2008-6289 EXPLOITDB text WORKING POC
Toursmanager Tours Manager - SQL Injection
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
CVE-2008-6963 EXPLOITDB text WRITEUP
Turnkeyforms Text Link Sales - Access Control
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
CVE-2008-6349 EXPLOITDB text WORKING POC
Turnkeyforms Business Survey Pro - SQL Injection
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6723 EXPLOITDB text WORKING POC
Turnkeyforms Entertainment Portal - Authentication Bypass
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
CVE-2008-6302 EXPLOITDB text WRITEUP
Turnkeyforms Local Classifieds - Access Control
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php.
EIP-2026-112810 EXPLOITDB text WORKING POC
TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting
CVE-2008-6719 EXPLOITDB text WRITEUP
Uochm Justlistit - Authentication Bypass
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2008-6718 EXPLOITDB text WRITEUP
Uochm Justbookit - Authentication Bypass
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
CVE-2008-6717 EXPLOITDB text WRITEUP
Uochm Signup - Authentication Bypass
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
EIP-2026-112162 EXPLOITDB text WORKING POC
Simply Classified 0.2 - 'category_id' SQL Injection
CVE-2008-6752 EXPLOITDB php WORKING POC
Revou - Improper Input Validation
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVE-2008-6228 EXPLOITDB text WORKING POC
Preproject Pre Multi-vendor Shopping Malls - Credentials Management
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6232 EXPLOITDB text WRITEUP
Preprojects Pre Shopping Mall - Credentials Management
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6230 EXPLOITDB text WORKING POC
Preprojects Pre Podcast Portal - SQL Injection
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6716 EXPLOITDB text WRITEUP
Preprojects Pre Ads Portal < 2.0 - Authentication Bypass
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
CVE-2008-6232 EXPLOITDB text WRITEUP
Preprojects Pre Shopping Mall - Credentials Management
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
EIP-2026-111559 EXPLOITDB text WORKING POC
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
CVE-2008-6226 EXPLOITDB text WORKING POC
Preproject Php Auto Listings Script - SQL Injection
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
CVE-2008-6535 EXPLOITDB php WORKING POC
Paypalestores Paypal Estores - Access Control
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.