ThE g0bL!N

92 exploits Active since Dec 2006
EIP-2026-112458 EXPLOITDB text WRITEUP
Studio Lounge Address Book 2.5 - Authentication Bypass
CVE-2009-4671 EXPLOITDB text WORKING POC
RoomPHPlanning 1.6 - Auth Bypass
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
EIP-2026-111719 EXPLOITDB text WRITEUP
Recipe Script 5.0 - 'First Name' HTML Injection
CVE-2009-1658 EXPLOITDB text WORKING POC
Realtywebware Realty Web-base - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
EIP-2026-112057 EXPLOITDB text WORKING POC
Simbas CMS 2.0 - Authentication Bypass
CVE-2009-1751 EXPLOITDB text WORKING POC
Realtywebware Realty Web-base - SQL Injection
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111303 EXPLOITDB text WORKING POC
Pixelactivo 3.0 - Authentication Bypass
CVE-2009-2179 EXPLOITDB text WORKING POC
phpDatingClub 3.7 - SQL Injection
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
EIP-2026-110649 EXPLOITDB text WORKING POC
PHP Article Publisher - Arbitrary Authentication Bypass
CVE-2009-1587 EXPLOITDB text WORKING POC
Kalptarudemos Php Site Lock - Authentication Bypass
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2009-2774 EXPLOITDB text WORKING POC
PHP Paid 4 Mail Script - SQL Injection
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-2341 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-1852 EXPLOITDB text WORKING POC
Graphiks Myforum - SQL Injection
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
EIP-2026-109846 EXPLOITDB text WORKING POC
NC LinkList 1.3.1 - Remote Command Injection
EIP-2026-109845 EXPLOITDB text WORKING POC
NC GBook 1.0 - Remote Command Injection
CVE-2009-4198 EXPLOITDB text WORKING POC
MyMiniBill - SQL Injection
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.
CVE-2009-1816 EXPLOITDB text WORKING POC
Mygamescript MY Game Script - SQL Injection
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
EIP-2026-109663 EXPLOITDB text WORKING POC
My Dealer CMS 2.0 - Authentication Bypass
EIP-2026-109614 EXPLOITDB text WORKING POC
MRCGIGUY Top Sites 1.0.0 - Insecure Cookie Handling
EIP-2026-109613 EXPLOITDB text WORKING POC
MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload
CVE-2009-2639 EXPLOITDB text WORKING POC
MRCGIGUY The Ticket System 2.0 - SQL Injection
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
EIP-2026-109611 EXPLOITDB text WORKING POC
MRCGIGUY SimpLISTic SQL 2.0.0 - Insecure Cookie Handling
EIP-2026-109607 EXPLOITDB text WORKING POC
mrcgiguy freeticket - Cookie Handling / SQL Injection
EIP-2026-109427 EXPLOITDB html WORKING POC
Messages Library 2.0 - Arbitrary Administrator Account
CVE-2009-1582 EXPLOITDB text WORKING POC
Kalptarudemos Million Dollar Text Links - Access Control
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.