Hakxer

44 exploits, active since Feb 2005
CVE-2008-6292 EXPLOITDB WORKING POC
Acc Autos 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
CVE-2008-6293 EXPLOITDB WORKING POC
Acc Real Estate 4.0 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
CVE-2008-6606 EXPLOITDB text WORKING POC
MatPo Link 1.2 Beta - SQL Injection via id Parameter
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6293 EXPLOITDB text WORKING POC
Acc Real Estate 4.0 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
CVE-2009-1644 EXPLOITDB perl WORKING POC
Sorinara Streaming Audio Player 0.9 - Stack-based Buffer Overflow via Crafted PLA File
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
CVE-2004-0964 EXPLOITDB python WORKING POC
Zinf <2.2.1 - Remote Code Execution
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
EIP-2026-117448 EXPLOITDB python WORKING POC
Media Commands - '.m3u' Universal Overwrite (SEH)
CVE-2009-0885 EXPLOITDB python WORKING POC
Media Commands 1.0 - Remote Code Execution via Long String in Playlist File
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
EIP-2026-116407 EXPLOITDB perl WORKING POC
Thomson mp3PRO Player/Encoder - '.m3u' Crash (PoC)
CVE-2004-0964 EXPLOITDB perl WORKING POC
Zinf <2.2.1 - Remote Code Execution
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
EIP-2026-116645 EXPLOITDB perl WORKING POC
Zinf Audio Player 2.2.1 - '.m3u' Local Heap Overflow (PoC)
EIP-2026-116644 EXPLOITDB perl WORKING POC
Zinf Audio Player 2.2.1 - '.gqmpeg' Buffer Overflow (PoC)
CVE-2009-0885 EXPLOITDB perl WORKING POC
Media Commands 1.0 - Remote Code Execution via Long String in Playlist File
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
CVE-2008-6625 EXPLOITDB text WORKING POC
WEBBDOMAIN Polls 1.0 and 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6627 EXPLOITDB text WORKING POC
WEBBDOMAIN WebShop <= 1.2 - SQL Injection via getin.php Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6626 EXPLOITDB text WORKING POC
WEBBDOMAIN Quiz <= 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6624 EXPLOITDB text WORKING POC
WEBBDOMAIN Petition 1.02, 2.0, 3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-4570 EXPLOITDB text WORKING POC
Real Estate Classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6794 EXPLOITDB text WORKING POC
Scripts For Sites EZ Pub Site - SQL Injection via cat Parameter
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-110627 EXPLOITDB text WRITEUP
photovideotube 1.11 - Multiple Vulnerabilities
CVE-2008-4705 EXPLOITDB text WORKING POC
MyPHPDating - SQL Injection via success_story.php id Parameter
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6607 EXPLOITDB text WORKING POC
MatPo Link 1.2 Beta - Cross-Site Scripting via Thema Parameter
Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.
EIP-2026-107702 EXPLOITDB text WORKING POC
I-Rater Pro/Plantinum 4.0 - Authentication Bypass
EIP-2026-106942 EXPLOITDB html WORKING POC
Evernew Free Joke Script 1.2 - Remote Change Password