LionTurk

17 exploits Active since Jun 2007
CVE-2010-0976 EXPLOITDB text WRITEUP
Acidcat CMS 3.5.x - Info Disclosure
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
CVE-2010-0376 EXPLOITDB text WRITEUP
JCE-Tech PHP Calendars - Cross-Site Scripting via cat Parameter in product_list.php
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
CVE-2010-0375 EXPLOITDB text WRITEUP
JCE-Tech PHP Calendars - SQL Injection via cat Parameter
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-0380 EXPLOITDB text WRITEUP
JCE-Tech PHP Calendars - Unauthenticated Settings Modification via Direct install.php Request
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
EIP-2026-105076 EXPLOITDB text WRITEUP
Alex Guestbook - Multiple Vulnerabilities
CVE-2010-0978 EXPLOITDB text WRITEUP
KMSoft Guestbook 1.0 - Info Disclosure
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
EIP-2026-100421 EXPLOITDB text WRITEUP
Mesut Manþet Haber 1.0 - Authentication Bypass
EIP-2026-100435 EXPLOITDB text SUSPICIOUS
Mini-NUKE 2.3 Freehost - Multiple Vulnerabilities
CVE-2009-4585 EXPLOITDB text WRITEUP
UranyumSoft Listing Service - Info Disclosure
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
EIP-2026-100172 EXPLOITDB text WRITEUP
BlogWorx 1.0 Blog - Database Disclosure
CVE-2009-4820 EXPLOITDB text WRITEUP
Angelo-Emlak 1.0 - Unauthenticated Database Download via Direct Request
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
CVE-2010-0984 EXPLOITDB text WRITEUP
Acidcat CMS <3.5.3 - Info Disclosure
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
CVE-2010-1064 EXPLOITDB text WORKING POC
Erolife AjxGaleri VT - Info Disclosure
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
CVE-2007-3061 EXPLOITDB text WRITEUP
Cactushop < 6 - Unauthenticated Sensitive Information Exposure via Direct Database Request
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
EIP-2026-100310 EXPLOITDB text WRITEUP
Esinti Web Design Gold Defter - Database Disclosure
EIP-2026-100328 EXPLOITDB text WRITEUP
Football Pool 3.1 - Database Disclosure
CVE-2009-4825 EXPLOITDB text WRITEUP
8pixel simple_blog - Unauthenticated Database Download via Direct Request
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.