Mountassif Moad

36 exploits, active since Nov 2008
CVE-2008-7063 EXPLOITDB text WORKING POC
Ocean12tech FAQ Manager Pro - Information Disclosure
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
CVE-2008-5040 EXPLOITDB text WORKING POC
Graphiks MyForum - Authentication Bypass
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
CVE-2008-7049 EXPLOITDB text WORKING POC
NatterChat - SQL Injection
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-7047 EXPLOITDB text WRITEUP
NatterChat - Authentication Bypass
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
CVE-2008-6815 EXPLOITDB text WRITEUP
MyKtools - Authentication Bypass
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
EIP-2026-108374 EXPLOITDB php WORKING POC
Joomla! Component com_iJoomla_archive - Blind SQL Injection
EIP-2026-107546 EXPLOITDB text WORKING POC
H2O-CMS 3.4 - Insecure Cookie Handling
EIP-2026-105407 EXPLOITDB text WRITEUP
Basic-CMS - Remote Database Disclosure
CVE-2008-4902 EXPLOITDB php WORKING POC
Scripts Frenzy Article Publisher Pro - SQL Injection
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2008-5497 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Auth Bypass
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
CVE-2008-5640 EXPLOITDB text WRITEUP
Active Bids 3.5 - SQL Injection
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.