KnocKout

CVE-2010-4799 EXPLOITDB text WRITEUP

Chipmunk Pwngame 1.0 - SQL Injection

Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2010-4503 EXPLOITDB text WRITEUP

Aigaion 1.3.4 - SQL Injection via ID Parameter in export action

SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.

View Code

CVE-2008-1962 EXPLOITDB text WRITEUP

Aterr 0.9.1 - Path Traversal via Class or File Parameter

Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) class parameter to include/functions.inc.php and the (2) file parameter to include/common.inc.php.

View Code

CVE-2007-6542 EXPLOITDB text WORKING POC

Arcadem < 2.04 - Remote Code Execution via admin/frontpage_right.php loadadminpage Parameter

PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.

View Code

EIP-2026-104836 EXPLOITDB text WRITEUP

411cc - Multiple SQL Injections

View Code

CVE-2008-2634 EXPLOITDB text WORKING POC

I-Pos Internet Pay Online Store < 1.3 - SQL Injection via Item Parameter

SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.

View Code

CVE-2010-4855 EXPLOITDB text WORKING POC

xWeblog 2.2 - SQL Injection via makale_id Parameter

SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.

View Code

EIP-2026-100598 EXPLOITDB text WORKING POC

Vifi Radio 1.0 - Cross-Site Request Forgery

View Code

EIP-2026-100593 EXPLOITDB text WORKING POC

TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting

View Code

CVE-2010-4793 EXPLOITDB text WRITEUP

Site2Nite Auto e-Manager - SQL Injection

SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.

View Code

EIP-2026-100359 EXPLOITDB text WORKING POC

i-pos StoreFront 1.3 - 'index.asp' SQL Injection

View Code

EIP-2026-100341 EXPLOITDB text WORKING POC

gokhun asp stok 1.0 - Multiple Vulnerabilities

View Code