ThE g0bL!N

92 exploits. Active since Dec 2006.
EIP-2026-117262 EXPLOITDB perl WORKING POC
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (1)
CVE-2009-3428 EXPLOITDB perl WORKING POC
Otbcode Easy Music Player - Memory Corruption
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
CVE-2009-3429 EXPLOITDB perl WORKING POC
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
EIP-2026-116340 EXPLOITDB perl WORKING POC
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)
EIP-2026-116405 EXPLOITDB python WORKING POC
TFTPUtil GUI 1.3.0 - Remote Denial of Service
EIP-2026-116280 EXPLOITDB perl WORKING POC
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)
EIP-2026-116074 EXPLOITDB perl WORKING POC
Playlistmaker 1.5 - '.m3u' / '.M3L' / '.TXT' Local Stack Overflow (PoC)
CVE-2009-2384 EXPLOITDB perl WORKING POC
Brothersoft PEamp 1.02b - Buffer Overflow
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third-party information.
EIP-2026-115419 EXPLOITDB perl WORKING POC
Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)
EIP-2026-115566 EXPLOITDB perl WORKING POC
M3U/M3L to ASX/WPL 1.1 - '.asx' / '.m3u' / '.m3l' Local Buffer Overflow (PoC)
CVE-2009-2550 EXPLOITDB perl WORKING POC
Hamster Audio Player 0.3a - Buffer Overflow
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
EIP-2026-114575 EXPLOITDB html WORKING POC
ZaoCMS - 'user_updated.php' Remote Change Password
EIP-2026-114576 EXPLOITDB text WORKING POC
ZaoCMS - Insecure Cookie Handling
EIP-2026-114573 EXPLOITDB text WORKING POC
ZaoCMS - 'download.php' Remote File Disclosure
CVE-2009-4927 EXPLOITDB text WORKING POC
Webmobo Wbnews - Authentication Bypass
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
EIP-2026-113261 EXPLOITDB text WORKING POC
webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway Livehelp - Authentication Bypass
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway Filestream - Authentication Bypass
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway Linktracker - Authentication Bypass
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
EIP-2026-112599 EXPLOITDB html WORKING POC
Teraway LinkTracker 1.0 - Remote Password Change
EIP-2026-112640 EXPLOITDB text WORKING POC
The Recipe Script 5 - Cross-Site Scripting
CVE-2009-1503 EXPLOITDB text WORKING POC
Tigerdms - SQL Injection
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-4929 EXPLOITDB html WORKING POC
Sweetphp Totalcalender - Authentication Bypass
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
EIP-2026-112877 EXPLOITDB html WORKING POC
Ultimate Media Script 2.0 - Remote Change Content
CVE-2009-1813 EXPLOITDB text WORKING POC
Submitterscript - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).