KnocKout

37 exploits, active since Dec 2007
CVE-2008-2873 EXPLOITDB text WORKING POC
Aspindir Shibby Shop < 2.2 - Access Control
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
CVE-2008-2872 EXPLOITDB text WORKING POC
Aspindir Shibby Shop < 2.2 - SQL Injection
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
EIP-2026-119347 EXPLOITDB text WORKING POC
Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling
CVE-2010-3608 EXPLOITDB text WORKING POC
Wire Plastic Design Wpquiz - SQL Injection
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
EIP-2026-112585 EXPLOITDB text WORKING POC
TEDE Simplificado 1.01/S2.04 - Multiple SQL Injections
CVE-2010-4912 EXPLOITDB text WORKING POC
UCenter Home 2.0 - SQL Injection
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
EIP-2026-112787 EXPLOITDB html WORKING POC
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
EIP-2026-112241 EXPLOITDB text WRITEUP
SmartBox - 'page_id' SQL Injection
CVE-2008-2882 EXPLOITDB text WORKING POC
Aspindir Shibby Shop < 2.2 - Access Control
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
EIP-2026-111272 EXPLOITDB perl WORKING POC
PikaCMS - Multiple Local File Disclosure Vulnerabilities
CVE-2008-6802 EXPLOITDB text WORKING POC
Phpexplorer Phphotogallery - SQL Injection
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-111191 EXPLOITDB text WORKING POC
PHPRS - 'model-kits.php' SQL Injection
CVE-2009-2117 EXPLOITDB text WORKING POC
phPortal 1.0 - Auth Bypass
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
CVE-2008-6516 EXPLOITDB text WORKING POC
Phpkf-portal - Path Traversal
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110539 EXPLOITDB text WORKING POC
PEEL Premium 5.71 - SQL Injection
EIP-2026-109387 EXPLOITDB perl WORKING POC
MediaSuite CMS - Arbitrary File Disclosure
EIP-2026-108026 EXPLOITDB text WORKING POC
iy10 Dizin Scripti - Multiple Vulnerabilities
EIP-2026-107612 EXPLOITDB text WRITEUP
HOMEPIMA Design - 'filedown.php' Local File Disclosure
EIP-2026-107178 EXPLOITDB text WRITEUP
Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery
EIP-2026-107452 EXPLOITDB text WORKING POC
Gökhan Balbal Script 2.0 - Cross-Site Request Forgery
CVE-2010-4797 EXPLOITDB text WORKING POC
Truworth Flex Timesheet - SQL Injection
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
EIP-2026-107069 EXPLOITDB text WRITEUP
Feindura File Manager 1.0(rc) - Arbitrary File Upload
EIP-2026-106937 EXPLOITDB html WORKING POC
Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery
CVE-2008-1493 EXPLOITDB text WRITEUP
Cuteflow Bin <1.5.0 - Path Traversal
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.