Unohope

23 exploits Active since Jul 2007
CVE-2008-3306 EXPLOITDB WORKING POC
C. Desseno YouTube Blog (ytb) 0.1 - SQL Injection
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3307 EXPLOITDB text WORKING POC
C. Desseno YouTube Blog ytb 0.1 - SQL Injection
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
CVE-2008-3305 EXPLOITDB text WORKING POC
carlos_desseno youtube_blog 0.1 - Cross-Site Scripting via mensaje.php m Parameter
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
CVE-2007-3889 EXPLOITDB text WORKING POC
insanely_simple_blog < 0.5 - SQL Injection via current_subsection Parameter
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
CVE-2008-2668 EXPLOITDB text WORKING POC
yBlog 0.2.2.2 - Cross-Site Scripting via q Parameter in search.php or n Parameter in user.php or uss.php
Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
EIP-2026-119566 EXPLOITDB python WORKING POC
Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow
CVE-2008-3308 EXPLOITDB text WORKING POC
C. Desseno YouTube Blog 0.1 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
CVE-2008-2669 EXPLOITDB text WORKING POC
yBlog 0.2.2.2 - SQL Injection via Search or User Parameters
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
CVE-2008-2479 EXPLOITDB text WORKING POC
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
CVE-2008-2479 EXPLOITDB text WORKING POC
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
CVE-2008-2670 EXPLOITDB text WORKING POC
Insanelysimple2 Isblog - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.
CVE-2008-2672 EXPLOITDB text WORKING POC
erfurtwiki < r1.02b - Path Traversal via ewiki_id, ewiki_action, or id Parameter
Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php.
CVE-2008-2671 EXPLOITDB text WORKING POC
DCFM Blog 0.9.4 - SQL Injection via Comments id Parameter
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6618 EXPLOITDB text WORKING POC
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
CVE-2008-6618 EXPLOITDB text WORKING POC
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
CVE-2008-6618 EXPLOITDB text WORKING POC
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
CVE-2008-6619 EXPLOITDB html WORKING POC
ClassSystem 2.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ApplyDB.php
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.
CVE-2008-5264 EXPLOITDB text WORKING POC
Tornado Knowledge Retrieval System <4.2 - XSS
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
EIP-2026-100588 EXPLOITDB html WORKING POC
The Campus Request Repairs System 1.2 - 'sentout.asp' Unauthorized Access
CVE-2008-2492 EXPLOITDB text WORKING POC
Campus Bulletin Board 3.4 - SQL Injection via id or review Parameter
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
CVE-2008-2509 EXPLOITDB text WRITEUP
excuse_online - SQL Injection via pwd.asp pID Parameter
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
CVE-2008-2492 EXPLOITDB text WORKING POC
Campus Bulletin Board 3.4 - SQL Injection via id or review Parameter
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
CVE-2008-2493 EXPLOITDB text WRITEUP
Campus Bulletin Board 3.4 - Cross-Site Scripting via Review Parameter
Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter.