TiGeR-Dz

24 exploits, active since Nov 2006
CVE-2009-1651 EXPLOITDB text WORKING POC
2daybiz Business Community Script - SQL Injection
SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2006-5905 EXPLOITDB text WRITEUP
Web Directory Pro - Info Disclosure
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
CVE-2009-3058 EXPLOITDB python WORKING POC
Aksoft Akplayer - Memory Corruption
Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file.
CVE-2009-2604 EXPLOITDB text WORKING POC
Zen Help Desk 2.1 - SQL Injection
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
EIP-2026-113326 EXPLOITDB text WRITEUP
webLeague 2.2.0 - 'install.php' Remote Change Password
EIP-2026-113216 EXPLOITDB html WORKING POC
Web Directory PRO - 'Admins.php' Change Admin Password
CVE-2009-1662 EXPLOITDB text WORKING POC
Recipescript Recipe Script - SQL Injection
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.
EIP-2026-112482 EXPLOITDB text WRITEUP
SuperCali PHP Event Calendar - Arbitrary Change Admin Password
CVE-2009-1941 EXPLOITDB text WORKING POC
PAD Site Scripts <3.6 - Info Disclosure
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
EIP-2026-109610 EXPLOITDB text WORKING POC
MRCGIGUY Message Box 1.0 - Insecure Cookie Handling
EIP-2026-109605 EXPLOITDB text WORKING POC
MRCGIGUY Amazon Directory 1.0/2.0 - Insecure Cookie Handling
EIP-2026-109606 EXPLOITDB text WORKING POC
MRCGIGUY ClickBank Directory 1.0.1 - Insecure Cookie Handling
EIP-2026-109609 EXPLOITDB text WORKING POC
MRCGIGUY Hot Links SQL 3.2.0 - Insecure Cookie Handling
EIP-2026-109612 EXPLOITDB text WORKING POC
MRCGIGUY The Ticket System 2.0 - Insecure Cookie Handling
EIP-2026-109615 EXPLOITDB text WORKING POC
MRCGIGUY Ultimate Profit Portal 1.0.1 - Insecure Cookie Handling
EIP-2026-107630 EXPLOITDB html WORKING POC
Host Directory PRO 2.1.0 - Remote Change Admin Password
CVE-2009-1610 EXPLOITDB html WRITEUP
Jobscript Job Script Job Board Software - Access Control
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.
EIP-2026-107330 EXPLOITDB html WORKING POC
Gallarific - 'user.php' Arbitrary Change Admin Information
CVE-2009-2233 EXPLOITDB text WORKING POC
AWScripts.com Gallery Search Engine 1.5 - Auth Bypass
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
EIP-2026-105316 EXPLOITDB text WORKING POC
Automated link exchange portal 1.3 - Multiple Vulnerabilities
CVE-2009-1652 EXPLOITDB text WORKING POC
2daybiz Business Community Script - Access Control
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
CVE-2009-1767 EXPLOITDB text WORKING POC
2daybiz Template Monster Clone - Access Control
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
CVE-2009-1638 EXPLOITDB text WORKING POC
T-dreams Job Career Package - Authentication Bypass
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
CVE-2009-2602 EXPLOITDB text WORKING POC
R2 Newsletter Lite/Pro/Stats - Info Disclosure
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.