YEnH4ckEr

65 exploits, active since Jun 2008
EIP-2026-111533 EXPLOITDB text WRITEUP
projectCMS 1.1b - Multiple Vulnerabilities
CVE-2009-1500 EXPLOITDB text WORKING POC
Projectcms - SQL Injection
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
CVE-2009-2608 EXPLOITDB text WORKING POC
PHP Address Book 4.0.x - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
EIP-2026-110612 EXPLOITDB text WORKING POC
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
EIP-2026-110106 EXPLOITDB perl WORKING POC
Online Grades & Attendance 3.2.6 - Credentials Changer SQL
CVE-2009-2598 EXPLOITDB perl WORKING POC
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2009-2037 EXPLOITDB text WORKING POC
Online Grades & Attendance <3.2.6 - Path Traversal
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
CVE-2009-2598 EXPLOITDB text WORKING POC
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2009-2036 EXPLOITDB perl WORKING POC
Open Biller 0.1 - SQL Injection
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1825 EXPLOITDB text WORKING POC
Collector Mycolex - Authentication Bypass
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
CVE-2009-1826 EXPLOITDB text WORKING POC
Collector Mygesuad - Authentication Bypass
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
EIP-2026-109489 EXPLOITDB text WORKING POC
minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting
CVE-2009-2574 EXPLOITDB html WORKING POC
MiniTwitter 0.2 - Command Injection
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
CVE-2009-2573 EXPLOITDB text WORKING POC
MiniTwitter 0.2 - SQL Injection
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
CVE-2009-1661 EXPLOITDB perl WORKING POC
Anoldman Utopic - SQL Injection
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
CVE-2009-2451 EXPLOITDB text WORKING POC
MIM:InfiniX <1.2.003 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.
EIP-2026-109499 EXPLOITDB text WRITEUP
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure
CVE-2009-2164 EXPLOITDB perl WORKING POC
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
CVE-2009-1615 EXPLOITDB text WORKING POC
Gowondesigns Leap - Unrestricted File Upload
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
CVE-2009-1613 EXPLOITDB perl WORKING POC
Gowondesigns Leap - SQL Injection
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
CVE-2009-2164 EXPLOITDB text WORKING POC
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
EIP-2026-108924 EXPLOITDB text WORKING POC
Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks
CVE-2009-2290 EXPLOITDB text WORKING POC
Boy Scout Advancement <0.3 - SQL Injection
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
EIP-2026-107784 EXPLOITDB text WRITEUP
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition / Information Disclosure
CVE-2009-2113 EXPLOITDB python WORKING POC
FretsWeb 1.2 - SQL Injection
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.