SNAKES TEAM

15 exploits, active since Apr 2009
CVE-2009-1819 EXPLOITDB text WORKING POC
2daybiz Custom T-shirt Design Script - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1734 EXPLOITDB text WORKING POC
VidSharePro - SQL Injection via catid Parameter
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-1735 EXPLOITDB text WORKING POC
VidSharePro - Cross-Site Scripting via searchtxt Parameter
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1804 EXPLOITDB text WORKING POC
VideoScript.us YouTube Video Script - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
EIP-2026-111302 EXPLOITDB text WORKING POC
Pixelactivo 3.0 - 'idx' SQL Injection
CVE-2009-1346 EXPLOITDB text WORKING POC
NetHoteles 3.0 - SQL Injection via id_establecimiento Parameter
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
EIP-2026-107642 EXPLOITDB text WRITEUP
Hot Project 7.0 - Authentication Bypass
CVE-2009-2013 EXPLOITDB text WORKING POC
Frontis 3.9.01.24 - SQL Injection via source_class Parameter
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
CVE-2009-4933 EXPLOITDB text WORKING POC
Winterwebs Ezwebitor - SQL Injection
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-1741 EXPLOITDB text WORKING POC
DM FileManager 3.9.2 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2009-1548 EXPLOITDB text WORKING POC
Blusky CMS - SQL Injection via News ID Parameter
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
CVE-2009-1820 EXPLOITDB text WORKING POC
2daybiz Custom T-shirt Design Script - Cross-Site Scripting via product.php id Parameter
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.