G4N0K

66 exploits, active since Dec 2006
EIP-2026-113092 EXPLOITDB php WORKING POC
VideoScript 3.0 < 4.1.5.55 - 'Unofficial' Shell Injection
CVE-2008-6629 EXPLOITDB text WORKING POC
WEBBDOMAIN Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2008-5219 EXPLOITDB php WORKING POC
VideoScript <4.0.1.50 - Auth Bypass
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
EIP-2026-113091 EXPLOITDB php WORKING POC
VideoScript 3.0 < 4.0.1.50 - 'Official' Shell Injection
CVE-2008-6941 EXPLOITDB text WRITEUP
TurnkeyForms Web Hosting Directory - SQL Injection via Login Password Field
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
EIP-2026-112556 EXPLOITDB text WORKING POC
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
CVE-2008-6289 EXPLOITDB text WORKING POC
Tours Manager 1.0 - SQL Injection via cityid Parameter
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
CVE-2008-6963 EXPLOITDB text WRITEUP
TurnkeyForms Text Link Sales - Unauthenticated Authentication Bypass via Direct admin.php Request
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
CVE-2008-6349 EXPLOITDB text WORKING POC
TurnkeyForms Business Survey Pro 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6723 EXPLOITDB text WORKING POC
TurnkeyForms Entertainment Portal 2.0 - Unauthenticated Authentication Bypass via adminLogged Cookie
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
CVE-2008-6302 EXPLOITDB text WRITEUP
TurnkeyForms Local Classifieds - Unauthenticated Authentication Bypass via Direct Admin Page Access
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php.
EIP-2026-112810 EXPLOITDB text WORKING POC
TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting
CVE-2008-6719 EXPLOITDB text WRITEUP
U&M Software Event Lister (JustListIt) 1.0 - Unauthenticated Access to Admin Scripts
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2008-6718 EXPLOITDB text WRITEUP
U&M Software JustBookIt 1.0 - Unauthenticated Improper Authentication in Admin Scripts
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
CVE-2008-6717 EXPLOITDB text WRITEUP
U&M Software Signup 1.0 and 1.1 - Unauthenticated Improper Authentication in Admin Directory
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
EIP-2026-112162 EXPLOITDB text WORKING POC
Simply Classified 0.2 - 'category_id' SQL Injection
CVE-2008-6752 EXPLOITDB php WORKING POC
ReVou Micro Blogging Twitter Clone Plugin - Unauthenticated Password Change via Direct Request
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVE-2008-6228 EXPLOITDB text WORKING POC
Pre Multi-Vendor Shopping Malls - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6232 EXPLOITDB text WRITEUP
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6230 EXPLOITDB text WORKING POC
Pre Podcast Portal - SQL Injection via Tour.php id Parameter
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6716 EXPLOITDB text WRITEUP
Pre ADS Portal < 2.0 - Unauthenticated Improper Authentication in Admin Home Page
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
EIP-2026-111559 EXPLOITDB text WORKING POC
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
CVE-2008-6226 EXPLOITDB text WORKING POC
Pre Projects PHP Auto Listings Script - SQL Injection via moreinfo.php itemno Parameter
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
CVE-2008-6535 EXPLOITDB php WORKING POC
PayPal eStores - Unauthenticated Administrative Password Change via Direct Request
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.