KnocKout - Security Researcher - Exploit Intelligence Platform

CVE-2008-2873 EXPLOITDB text WORKING POC

sHibby sHop < 2.2 - Unauthenticated Sensitive Information Exposure via Direct Database Access

sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

View Code

CVE-2008-2872 EXPLOITDB text WORKING POC

shibby_shop < 2.2 - SQL Injection via sayfa Parameter

SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

View Code

EIP-2026-119347 EXPLOITDB text WORKING POC

Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling

View Code

CVE-2010-3608 EXPLOITDB text WORKING POC

wpQuiz 2.7 - SQL Injection via id or password Parameter

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.

View Code

EIP-2026-112585 EXPLOITDB text WORKING POC

TEDE Simplificado 1.01/S2.04 - Multiple SQL Injections

View Code

CVE-2010-4912 EXPLOITDB text WORKING POC

UCenter Home 2.0 - SQL Injection via shop.php shopid Parameter

SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.

View Code

EIP-2026-112787 EXPLOITDB html WORKING POC

Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)

View Code

EIP-2026-112241 EXPLOITDB text WRITEUP

SmartBox - 'page_id' SQL Injection

View Code

CVE-2008-2882 EXPLOITDB text WORKING POC

sHibby sHop < 2.2 - Unauthenticated Arbitrary File Write via upgrade.asp

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

View Code

EIP-2026-111272 EXPLOITDB perl WORKING POC

PikaCMS - Multiple Local File Disclosure Vulnerabilities

View Code

CVE-2008-6802 EXPLOITDB text WORKING POC

phPhotoGallery 0.92 - SQL Injection via Username and Password Fields

Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

EIP-2026-111191 EXPLOITDB text WORKING POC

PHPRS - 'model-kits.php' SQL Injection

View Code

CVE-2009-2117 EXPLOITDB text WORKING POC

phPortal 1.0 - Unauthenticated Authentication Bypass via kulladi Cookie

uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.

View Code

CVE-2008-6516 EXPLOITDB text WORKING POC

phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter

Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

CVE-2008-6516 EXPLOITDB text WORKING POC

phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter

Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

EIP-2026-110539 EXPLOITDB text WORKING POC

PEEL Premium 5.71 - SQL Injection

View Code

EIP-2026-109387 EXPLOITDB perl WORKING POC

MediaSuite CMS - Artibary File Disclosure

View Code

EIP-2026-108026 EXPLOITDB text WORKING POC

iy10 Dizin Scripti - Multiple Vulnerabilities

View Code

EIP-2026-107612 EXPLOITDB text WRITEUP

HOMEPIMA Design - 'filedown.php' Local File Disclosure

View Code

EIP-2026-107178 EXPLOITDB text WRITEUP

Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery

View Code

EIP-2026-107452 EXPLOITDB text WORKING POC

Gökhan Balbal Script 2.0 - Cross-Site Request Forgery

View Code

CVE-2010-4797 EXPLOITDB text WORKING POC

Truworth Flex Timesheet - SQL Injection

Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

View Code

EIP-2026-107069 EXPLOITDB text WRITEUP

Feindura File Manager 1.0(rc) - Arbitrary File Upload

View Code

EIP-2026-106937 EXPLOITDB html WORKING POC

Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery

View Code

CVE-2008-1493 EXPLOITDB text WRITEUP

Cuteflow Bin <1.5.0 - Path Traversal

Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

View Code