G4N0K

66 exploits Active since Dec 2006
CVE-2009-4675 EXPLOITDB text WRITEUP
Mole Group Gastro Portal - Info Disclosure
admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission.
CVE-2008-5655 EXPLOITDB text WORKING POC
MyioSoft EasyBookMarker 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4674 EXPLOITDB html WORKING POC
Mole Group Bus & Sky Hunter Airline Script - Unauthenticated Password Change via admin.php
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
EIP-2026-108970 EXPLOITDB text WORKING POC
Kasra CMS - 'index.php' Multiple SQL Injections
CVE-2008-5568 EXPLOITDB php WORKING POC
IPN Pro 3 < 1.44 - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
EIP-2026-107555 EXPLOITDB php WORKING POC
Harland Scripts 11 - Products Remote Command Execution
CVE-2008-5037 EXPLOITDB text WORKING POC
ElkaGroup Image Gallery 1.0 - SQL Injection via view.php cid Parameter
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-1659 EXPLOITDB php WORKING POC
eLitius 1.0 - Unauthenticated Arbitrary File Upload via Avatar Content-Type Bypass
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
CVE-2008-5565 EXPLOITDB php WORKING POC
DL PayCart < 1.34 - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
CVE-2008-5567 EXPLOITDB php WORKING POC
Bonza Cart < 1.10 - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
CVE-2008-6966 EXPLOITDB text WRITEUP
AJ Square AJ Auction Pro Platinum Skin #1 - Unauthenticated Authentication Bypass via Direct Request
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
CVE-2009-2003 EXPLOITDB text WORKING POC
Ascad Networks Password Protector SD <1.3.1 - Auth Bypass
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
CVE-2008-5650 EXPLOITDB text WRITEUP
AlstraSoft Web Host Directory - SQL Injection
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
CVE-2008-7046 EXPLOITDB text WRITEUP
AJ Square Free Polling Script - Unauthenticated Authentication Bypass via Direct Request to newpoll.php
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7041 EXPLOITDB text WRITEUP
ajsquare aj_classifieds - Unauthenticated Authentication Bypass via Direct Admin Page Access
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
CVE-2008-7051 EXPLOITDB text WRITEUP
AJ Square AJ Article - Unauthenticated Administrator Access via Direct Request
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.