Mountassif Moad

36 exploits Active since Nov 2008
CVE-2009-0460 EXPLOITDB WORKING POC
Whole Hog Ware Support 1.x - Auth Bypass
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2008-5783 EXPLOITDB WORKING POC
V3 Chat Live Support 3.0.4 - Auth Bypass
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2009-0460 EXPLOITDB text WORKING POC
Whole Hog Ware Support 1.x - Auth Bypass
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-4809 EXPLOITDB text WORKING POC
Easy File Sharing Web Server 4.8 - Path Traversal via vfolder Parameter
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
EIP-2026-118506 EXPLOITDB text WORKING POC
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-117455 EXPLOITDB ruby WORKING POC
Mediacoder 0.6.2.4275 - Universal Buffer Overflow (SEH)
EIP-2026-117784 EXPLOITDB perl WORKING POC
POP Peeper 3.4.0.0 - '.html' Universal Overwrite (SEH)
EIP-2026-117783 EXPLOITDB perl WORKING POC
POP Peeper 3.4.0.0 - '.eml' Universal Overwrite (SEH)
EIP-2026-117454 EXPLOITDB perl WORKING POC
Mediacoder 0.6.2.4275 - '.m3u' Universal Stack Overflow
EIP-2026-117447 EXPLOITDB ruby WORKING POC
Media Commands - '.m3l' File Local Buffer Overflow
EIP-2026-116951 EXPLOITDB ruby WORKING POC
Chasys Media Player 1.1 - '.cue' Local Stack Overflow
EIP-2026-117248 EXPLOITDB c WORKING POC
GOM Player 2.0.12 - '.pls' Universal Buffer Overflow
CVE-2009-1040 EXPLOITDB perl WORKING POC
WinAsm Studio 5.1.5.0 - Buffer Overflow via Crafted Project File
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
CVE-2009-1257 EXPLOITDB perl WORKING POC
Magic ISO Maker 5.5 build 0274 - Heap-Based Buffer Overflow via Crafted CCD File
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
EIP-2026-114946 EXPLOITDB python WORKING POC
Audacity 1.6.2 - '.aup' Remote Off-by-One Crash
CVE-2008-5754 EXPLOITDB perl WORKING POC
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
CVE-2008-5042 EXPLOITDB text WRITEUP
Zeeways PhotoVideoTube < 1.1 - Unauthenticated Authentication Bypass via Direct Admin Request
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2008-5784 EXPLOITDB CRITICAL text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVSS 9.8
CVE-2008-7075 EXPLOITDB php WORKING POC
Kalptaru Infotech Stararticles - SQL Injection
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6247 EXPLOITDB text WORKING POC
Scripts For Sites EZ Top Sites - SQL Injection via topsite.php ts Parameter
SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter.
CVE-2008-6867 EXPLOITDB text WORKING POC
Scripts For Sites EZ Career - SQL Injection via Topic Parameter
SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2008-6778 EXPLOITDB text WORKING POC
Scripts for Sites EZ Auction - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6372 EXPLOITDB text WRITEUP
Ocean12 FAQ Manager Pro 1.0 - SQL Injection via ID Parameter in Cat Action
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.