Mountassif Moad

36 exploits Active since Nov 2008
CVE-2009-0460 EXPLOITDB WORKING POC
Whole Hog Ware Support 1.x - Auth Bypass
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2008-5783 EXPLOITDB WORKING POC
V3 Chat Live Support 3.0.4 - Auth Bypass
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2009-0460 EXPLOITDB text WORKING POC
Whole Hog Ware Support 1.x - Auth Bypass
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-4809 EXPLOITDB text WORKING POC
Sharing-file Easy File Sharing Web Server - Path Traversal
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
EIP-2026-118506 EXPLOITDB text WORKING POC
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-117455 EXPLOITDB ruby WORKING POC
Mediacoder 0.6.2.4275 - Universal Buffer Overflow (SEH)
EIP-2026-117784 EXPLOITDB perl WORKING POC
POP Peeper 3.4.0.0 - '.html' Universal Overwrite (SEH)
EIP-2026-117783 EXPLOITDB perl WORKING POC
POP Peeper 3.4.0.0 - '.eml' Universal Overwrite (SEH)
EIP-2026-117454 EXPLOITDB perl WORKING POC
Mediacoder 0.6.2.4275 - '.m3u' Universal Stack Overflow
EIP-2026-117447 EXPLOITDB ruby WORKING POC
Media Commands - '.m3l' File Local Buffer Overflow
EIP-2026-116951 EXPLOITDB ruby WORKING POC
Chasys Media Player 1.1 - '.cue' Local Stack Overflow
EIP-2026-117248 EXPLOITDB c WORKING POC
GOM Player 2.0.12 - '.pls' Universal Buffer Overflow
CVE-2009-1040 EXPLOITDB perl WORKING POC
Winasm Studio - Memory Corruption
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
CVE-2009-1257 EXPLOITDB perl WORKING POC
Magic Iso Maker - Memory Corruption
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
EIP-2026-114946 EXPLOITDB python WORKING POC
Audacity 1.6.2 - '.aup' Remote Off-by-One Crash
CVE-2008-5754 EXPLOITDB perl WORKING POC
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
CVE-2008-5042 EXPLOITDB text WRITEUP
Zeeways Photovideotube < 1.1 - Authentication Bypass
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2008-5784 EXPLOITDB CRITICAL text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVSS 9.8
CVE-2008-7075 EXPLOITDB php WORKING POC
Kalptaru Infotech Stararticles - SQL Injection
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6247 EXPLOITDB text WORKING POC
Scripts-for-sites EZ Top Sites - SQL Injection
SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter.
CVE-2008-6867 EXPLOITDB text WORKING POC
Scripts FOR Sites EZ Career - SQL Injection
SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2008-6778 EXPLOITDB text WORKING POC
Scripts-for-sites EZ Auction - SQL Injection
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6372 EXPLOITDB text WRITEUP
Ocean12tech Faq Manager Pro - SQL Injection
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.