Septemb0x

7 exploits Active since Jul 2009
CVE-2009-2396 EXPLOITDB text WORKING POC
DM Albums 1.9.2 - RCE
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
EIP-2026-113746 EXPLOITDB text WORKING POC
WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure
EIP-2026-112763 EXPLOITDB text WORKING POC
TPO Duyuru Scripti - Insecure Cookie Authentication Bypass
CVE-2009-3199 EXPLOITDB text WRITEUP
Uebimiau - Information Disclosure
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
EIP-2026-106320 EXPLOITDB text WORKING POC
Cybershade CMS 0.2b - Remote File Inclusion
CVE-2009-2399 EXPLOITDB text WORKING POC
DM FileManager 3.9.4 - RCE
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
CVE-2009-2306 EXPLOITDB text WRITEUP
ARD-9808 DVR - Info Disclosure
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.