Septemb0x - Security Researcher - Exploit Intelligence Platform

CVE-2009-2396 EXPLOITDB text WORKING POC

DM Albums 1.9.2 - Remote Code Execution via SECURITY_FILE Parameter

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

View Code

EIP-2026-113746 EXPLOITDB text WORKING POC

WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure

View Code

EIP-2026-112763 EXPLOITDB text WORKING POC

TPO Duyuru Scripti - Insecure Cookie Authentication Bypass

View Code

CVE-2009-3199 EXPLOITDB text WRITEUP

Uebimiau Webmail 3.2.0-2.0 - Unauthenticated Exposure of Sensitive Information via Direct Request

Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.

View Code

EIP-2026-106320 EXPLOITDB text WORKING POC

Cybershade CMS 0.2b - Remote File Inclusion

View Code

CVE-2009-2399 EXPLOITDB text WORKING POC

DM FileManager 3.9.4 - Remote Code Execution via SECURITY_FILE Parameter

PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

View Code

CVE-2009-2306 EXPLOITDB text WRITEUP

armassa ARD-9808 Software - Unauthenticated Sensitive Information Exposure via Direct Request

The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.

View Code