Mountassif Moad

36 exploits, active since Nov 2008
CVE-2008-7063 EXPLOITDB text WORKING POC
Ocean12 FAQ Manager Pro - Unauthenticated Sensitive Data Exposure via Direct Database Request
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
CVE-2008-5040 EXPLOITDB text WORKING POC
Graphiks MyForum 1.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
CVE-2008-7049 EXPLOITDB text WORKING POC
NatterChat 1.1 and 1.12 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-7047 EXPLOITDB text WRITEUP
NatterChat 1.1 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
CVE-2008-6815 EXPLOITDB text WRITEUP
MyKtools 2.4 - Unauthenticated Database Backup Exposure via mykdownload.php
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
EIP-2026-108374 EXPLOITDB php WORKING POC
Joomla! Component com_iJoomla_archive - Blind SQL Injection
EIP-2026-107546 EXPLOITDB text WORKING POC
H2O-CMS 3.4 - Insecure Cookie Handling
EIP-2026-105407 EXPLOITDB text WRITEUP
Basic-CMS - Remote Database Disclosure
CVE-2008-4902 EXPLOITDB php WORKING POC
Article Publisher Pro 1.5 - SQL Injection via Userid Parameter
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2008-5497 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Unauthenticated Authentication Bypass via login_auth Cookie
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
CVE-2008-5640 EXPLOITDB text WRITEUP
Active Bids 3.5 - SQL Injection via ItemID Parameter
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.