ThE g0bL!N

CVE-2009-4200 EXPLOITDB perl WORKING POC

Joomla! Seminar <1.28 - SQL Injection

SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.

View Code

EIP-2026-108115 EXPLOITDB text WRITEUP

JobHut 1.2 - Remote Password Change/Delete/Activate User

View Code

CVE-2009-2366 EXPLOITDB text WORKING POC

DataCheck Solutions ForumPal FE 1.1 & 1.5 - SQL Injection

SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.

View Code

CVE-2009-2040 EXPLOITDB html WORKING POC

Grestul 1.2 - Unauthenticated Authentication Bypass and Administrative Account Creation via Direct Request

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

View Code

EIP-2026-107237 EXPLOITDB text WORKING POC

freepost 0.1 r1 - Multiple Vulnerabilities

View Code

EIP-2026-106839 EXPLOITDB text WORKING POC

eLitius 1.0 - Arbitrary Database Backup

View Code

EIP-2026-106838 EXPLOITDB html WORKING POC

eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password

View Code

CVE-2009-2025 EXPLOITDB text WORKING POC

DM FileManager 3.9.2 - Unauthenticated Authentication Bypass via Cookie Manipulation

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

View Code

CVE-2009-1847 EXPLOITDB text WORKING POC

Easy PX 41 CMS 9.0 B1 - Path Traversal via Fiche Parameter

Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.

View Code

CVE-2009-2325 EXPLOITDB text WORKING POC

Clicknet CMS 2.1 - Path Traversal via Side Parameter

Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.

View Code

EIP-2026-105961 EXPLOITDB text WORKING POC

CMS buzz - Cross-Site Scripting / Password Change / HTML Injection

View Code

CVE-2009-2235 EXPLOITDB text WORKING POC

Your Articles Directory - SQL Injection

SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2009-2397 EXPLOITDB text WORKING POC

Audio Article Directory - Path Traversal

Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.

View Code

CVE-2009-3367 EXPLOITDB text WORKING POC

An image gallery 1.0 - Cross-Site Scripting via Path and Show Parameters

Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

EIP-2026-104892 EXPLOITDB text WORKING POC

Absolute Form Processor XE-V 1.5 - Authentication Bypass

View Code

EIP-2026-100087 EXPLOITDB text WRITEUP

Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection

View Code

EIP-2026-100088 EXPLOITDB html WORKING POC

Absolute Form Processor XE-V 1.5 - Remote Change Password

View Code