SirGod

121 exploits Active since Jul 2008
CVE-2008-3926 EXPLOITDB text WORKING POC
CMME 1.12 - Path Traversal
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.
EIP-2026-106247 EXPLOITDB text WORKING POC
CS Whois Lookup - 'ip' Remote Command Execution
EIP-2026-106100 EXPLOITDB text WORKING POC
Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection
CVE-2009-3507 EXPLOITDB text WORKING POC
CMSphp 0.21 - Path Traversal and Arbitrary File Execution via mod_file Parameter
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
CVE-2008-6726 EXPLOITDB text WORKING POC
CMScout 2.06 - Path Traversal via Bit Parameter
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.
EIP-2026-105899 EXPLOITDB text WORKING POC
ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion
EIP-2026-105500 EXPLOITDB text WORKING POC
BKWorks ProPHP 0.50b1 - Authentication Bypass
CVE-2008-4526 EXPLOITDB text WORKING POC
CCMS 3.1 - Path Traversal via Skin Parameter
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.
CVE-2008-6162 EXPLOITDB text WORKING POC
bux.to_clone_script - Unauthenticated Authentication Bypass via Cookie Manipulation
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
CVE-2009-1025 EXPLOITDB text WORKING POC
Beerwin PHPLinkAdmin 1.0 - Remote Code Execution via Page Parameter
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
EIP-2026-105323 EXPLOITDB text WORKING POC
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
CVE-2008-7058 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Cross-Site Request Forgery via Admin Logout Endpoint
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
CVE-2009-4793 EXPLOITDB text WORKING POC
BandSite CMS 1.1.4 - Authenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information.
CVE-2008-6906 EXPLOITDB text WORKING POC
BabbleBoard 1.1.6 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
CVE-2009-3596 EXPLOITDB text WRITEUP
JoxTechnology Ajox Poll - Unauthenticated Authentication Bypass via Direct Request to admin/managepoll.php
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
EIP-2026-104879 EXPLOITDB text WORKING POC
aa33code 0.0.1 - Local File Inclusion / Authentication Bypass / File Disclosure
EIP-2026-104960 EXPLOITDB text WORKING POC
AdminLog 0.5 - 'valid_login' Authentication Bypass
CVE-2009-2152 EXPLOITDB text WORKING POC
AdaptWeb 0.9.2 - SQL Injection via CodigoDisciplina Parameter
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
CVE-2009-1248 EXPLOITDB text WORKING POC
Acute Control Panel 1.0.0 - Remote Code Execution via Theme Directory Parameter
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
CVE-2009-1550 EXPLOITDB text WRITEUP
Zakkis Technology ABC Advertise 1.0 - Unauthenticated Information Disclosure via admin.inc.php
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
EIP-2026-102083 EXPLOITDB text WORKING POC
TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities