Mr.tro0oqy

33 exploits, active since Jun 2008
EIP-2026-118191 EXPLOITDB perl WORKING POC
Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Local Buffer Overflow (SEH)
EIP-2026-115956 EXPLOITDB perl WORKING POC
NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)
EIP-2026-113385 EXPLOITDB perl WORKING POC
WebVision 2.1 - 'news.php?n' SQL Injection
EIP-2026-113121 EXPLOITDB html WORKING POC
VisionLms 1.0 - 'changePW.php' Remote Password Change
CVE-2009-1670 EXPLOITDB text WRITEUP
TCPDB 3.8 - Unauthenticated Admin Account Creation via user/index.php
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-3531 EXPLOITDB perl WORKING POC
Universe CMS 1.0.6 - SQL Injection via vnews.php id Parameter
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
EIP-2026-112255 EXPLOITDB text WORKING POC
SmilieScript 1.0 - Authentication Bypass
EIP-2026-112231 EXPLOITDB text WORKING POC
Smart PHP Poll - Authentication Bypass
CVE-2009-2209 EXPLOITDB text WORKING POC
RS-CMS 2.1 - SQL Injection via key Parameter
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
EIP-2026-111346 EXPLOITDB text WORKING POC
Plogger - Remote File Disclosure
CVE-2009-3970 EXPLOITDB text WORKING POC
PHP Dir Submit - Authenticated SQL Injection via aid Parameter
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
CVE-2009-1587 EXPLOITDB text WORKING POC
PHP Site Lock 2.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2009-2003 EXPLOITDB text WORKING POC
Ascad Networks Password Protector SD <1.3.1 - Auth Bypass
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin".
CVE-2009-1739 EXPLOITDB text WORKING POC
PAD Site Scripts 3.6 - Unauthenticated Privilege Escalation via Authuser Cookie
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.
CVE-2009-4876 EXPLOITDB text WRITEUP
Netrix CMS 1.0 - Unauthenticated Arbitrary Page Modification via cid Parameter
admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.
EIP-2026-109812 EXPLOITDB text WORKING POC
MyWeight 1.0 - Arbitrary File Upload
CVE-2009-3975 EXPLOITDB text WORKING POC
Moa Gallery 1.1.0 and 1.2.0 - SQL Injection via gallery_id Parameter
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.
EIP-2026-108965 EXPLOITDB php SCANNER
Kamads Classifieds 2.0 - Admin Hash Disclosure
CVE-2008-2633 EXPLOITDB text WORKING POC
Joomla com_joomradio 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
EIP-2026-108295 EXPLOITDB text WORKING POC
Joomla! Component com_calendario - Blind SQL Injection
EIP-2026-108412 EXPLOITDB text WORKING POC
Joomla! Component com_Joomlaoads - 'packageId' SQL Injection
EIP-2026-108527 EXPLOITDB text WORKING POC
Joomla! Component com_schools - SQL Injection