Hakxer

44 exploits Active since Feb 2005
CVE-2008-6292 EXPLOITDB WORKING POC
Accscripts Acc Autos - Access Control
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
CVE-2008-6293 EXPLOITDB WORKING POC
Accscripts Acc Real Estate - Access Control
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
CVE-2008-6292 EXPLOITDB WORKING POC
Accscripts Acc Autos - Access Control
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
CVE-2008-6606 EXPLOITDB text WORKING POC
Matpo Link - SQL Injection
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6293 EXPLOITDB text WORKING POC
Accscripts Acc Real Estate - Access Control
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
CVE-2009-1644 EXPLOITDB perl WORKING POC
Sorinara Streaming Audio Player - Memory Corruption
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
CVE-2004-0964 EXPLOITDB python WORKING POC
Zinf <2.2.1 - RCE
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
EIP-2026-117448 EXPLOITDB python WORKING POC
Media Commands - '.m3u' Universal Overwrite (SEH)
CVE-2009-0885 EXPLOITDB python WORKING POC
Mediacommands Media Commands - Memory Corruption
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
EIP-2026-116407 EXPLOITDB perl WORKING POC
Thomson mp3PRO Player/Encoder - '.m3u' Crash (PoC)
CVE-2004-0964 EXPLOITDB perl WORKING POC
Zinf <2.2.1 - RCE
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
EIP-2026-116645 EXPLOITDB perl WORKING POC
Zinf Audio Player 2.2.1 - '.m3u' Local Heap Overflow (PoC)
EIP-2026-116644 EXPLOITDB perl WORKING POC
Zinf Audio Player 2.2.1 - '.gqmpeg' Buffer Overflow (PoC)
CVE-2009-0885 EXPLOITDB perl WORKING POC
Mediacommands Media Commands - Memory Corruption
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
CVE-2008-6625 EXPLOITDB text WORKING POC
Webbdomain Polls - SQL Injection
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6627 EXPLOITDB text WORKING POC
Webbdomain Webshop < 1.2 - SQL Injection
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6626 EXPLOITDB text WORKING POC
Webbdomain Quiz < 1.02 - SQL Injection
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6624 EXPLOITDB text WORKING POC
Webbdomain Petition - SQL Injection
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-4570 EXPLOITDB text WORKING POC
Real-estate-scripts - SQL Injection
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6794 EXPLOITDB text WORKING POC
SFS EZ PUB Fsf EX Pub - SQL Injection
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-110627 EXPLOITDB text WRITEUP
photovideotube 1.11 - Multiple Vulnerabilities
CVE-2008-4705 EXPLOITDB text WORKING POC
Phponlinedatingsoftware Myphpdating - SQL Injection
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6607 EXPLOITDB text WORKING POC
Matpo Link - XSS
Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.
EIP-2026-107702 EXPLOITDB text WORKING POC
I-Rater Pro/Plantinum 4.0 - Authentication Bypass
EIP-2026-106942 EXPLOITDB html WORKING POC
Evernew Free Joke Script 1.2 - Remote Change Password