HxH

8 exploits Active since Jun 2009
CVE-2009-2392 EXPLOITDB text WORKING POC
Virtuenetz Virtue Online Test Generator - SQL Injection
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2009-2391 EXPLOITDB text WORKING POC
Virtuenetz Virtue Online Test Generator - XSS
Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
EIP-2026-114368 EXPLOITDB text WORKING POC
WorkSimple 1.3.2 - Multiple Vulnerabilities
CVE-2009-2393 EXPLOITDB text WORKING POC
Virtuenetz Virtue Online Test Generator - Info Disclosure
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.
CVE-2009-3246 EXPLOITDB text WORKING POC
MyBuxScript PTC-BUX - SQL Injection via spnews.php id Parameter
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.
CVE-2009-1854 EXPLOITDB text WORKING POC
Million Dollar Text Links 1.0 - Unauthenticated Authentication Bypass via userid Cookie
Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.
CVE-2009-3331 EXPLOITDB text WORKING POC
DDL CMS 1.0 - Remote Code Execution via wwwRoot Parameter
Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php.
CVE-2009-2231 EXPLOITDB text WORKING POC
MIDAS 1.43 - Unauthenticated Authentication Bypass via Admin Cookie
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.