SNAKES TEAM

15 exploits, active since Apr 2009
CVE-2009-1819 EXPLOITDB text WORKING POC
2daybiz Custom T-shirt Design Script - SQL Injection
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1734 EXPLOITDB text WORKING POC
Omnisoftsol Vidsharepro - SQL Injection
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-1735 EXPLOITDB text WORKING POC
Omnisoftsol Vidsharepro - XSS
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1804 EXPLOITDB text WORKING POC
Videoscript Youtube Video Script - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway Linktracker - Authentication Bypass
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway Livehelp - Authentication Bypass
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway Filestream - Authentication Bypass
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
EIP-2026-111302 EXPLOITDB text WORKING POC
Pixelactivo 3.0 - 'idx' SQL Injection
CVE-2009-1346 EXPLOITDB text WORKING POC
Interguias Nethoteles - SQL Injection
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
EIP-2026-107642 EXPLOITDB text WRITEUP
Hot Project 7.0 - Authentication Bypass
CVE-2009-2013 EXPLOITDB text WORKING POC
Frontis 3.9.01.24 - SQL Injection
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
CVE-2009-4933 EXPLOITDB text WORKING POC
Winterwebs Ezwebitor - SQL Injection
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-1741 EXPLOITDB text WORKING POC
Dutchmonkey DM Filemanager - SQL Injection
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2009-1548 EXPLOITDB text WORKING POC
Qsix Blusky Cms - SQL Injection
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
CVE-2009-1820 EXPLOITDB text WORKING POC
2daybiz Custom T-shirt Design Script - XSS
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.