ThE g0bL!N

92 exploits Active since Dec 2006
EIP-2026-117262 EXPLOITDB perl WORKING POC
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (1)
CVE-2009-3428 EXPLOITDB perl WORKING POC
Easy Music Player 1.0.0.2 - Remote Code Execution via Crafted WAV File
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
CVE-2009-3429 EXPLOITDB perl WORKING POC
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
EIP-2026-116340 EXPLOITDB perl WORKING POC
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)
EIP-2026-116405 EXPLOITDB python WORKING POC
TFTPUtil GUI 1.3.0 - Remote Denial of Service
EIP-2026-116280 EXPLOITDB perl WORKING POC
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)
EIP-2026-116074 EXPLOITDB perl WORKING POC
Playlistmaker 1.5 - '.m3u' / '.M3L' / '.TXT' Local Stack Overflow (PoC)
CVE-2009-2384 EXPLOITDB perl WORKING POC
Brothersoft PEamp 1.02b - Buffer Overflow
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
EIP-2026-115419 EXPLOITDB perl WORKING POC
Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)
EIP-2026-115566 EXPLOITDB perl WORKING POC
M3U/M3L to ASX/WPL 1.1 - '.asx' / '.m3u' / '.m3l' Local Buffer Overflow (PoC)
CVE-2009-2550 EXPLOITDB perl WORKING POC
Hamster Audio Player 0.3a - Buffer Overflow
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
EIP-2026-114575 EXPLOITDB html WORKING POC
ZaoCMS - 'user_updated.php' Remote Change Password
EIP-2026-114576 EXPLOITDB text WORKING POC
ZaoCMS - Insecure Cookie Handling
EIP-2026-114573 EXPLOITDB text WORKING POC
ZaoCMS - 'download.php' Remote File Disclosure
CVE-2009-4927 EXPLOITDB text WORKING POC
WB News 2.1.2 - Unauthenticated Authentication Bypass via WBNEWS Cookie
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
EIP-2026-113261 EXPLOITDB text WORKING POC
webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
EIP-2026-112599 EXPLOITDB html WORKING POC
Teraway LinkTracker 1.0 - Remote Password Change
EIP-2026-112640 EXPLOITDB text WORKING POC
The Recipe Script 5 - Cross-Site Scripting
CVE-2009-1503 EXPLOITDB text WORKING POC
TigerDMS - SQL Injection via Login Username and Password Parameters
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-4929 EXPLOITDB html WORKING POC
Sweetphp Totalcalender - Authentication Bypass
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
EIP-2026-112877 EXPLOITDB html WORKING POC
Ultimate Media Script 2.0 - Remote Change Content
CVE-2009-1813 EXPLOITDB text WORKING POC
Submitterscript - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).