YEnH4ckEr

65 exploits Active since Jun 2008
CVE-2009-1489 EXPLOITDB text WORKING POC
Fungamez RC1 - Unauthenticated Authentication Bypass via User Cookie Parameter
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
CVE-2009-2109 EXPLOITDB text WRITEUP
FretsWeb 1.2 - Path Traversal via Language Parameter or Cookie
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.
EIP-2026-107202 EXPLOITDB text WORKING POC
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
CVE-2009-2010 EXPLOITDB perl WORKING POC
Haudenschilt Family Connections CMS <1.9 - SQL Injection
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
CVE-2009-1843 EXPLOITDB text WORKING POC
Flash Quiz Beta 2 - SQL Injection via Quiz or Order Number Parameter
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php.
CVE-2009-1626 EXPLOITDB text WORKING POC
EZ-Blog - SQL Injection via Category Parameter
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
EIP-2026-106500 EXPLOITDB text WORKING POC
Dog Pedigree Online Database 1.0.1b - Insecure Cookie Handling
EIP-2026-106501 EXPLOITDB text WORKING POC
Dog Pedigree Online Database 1.0.1b - Multiple SQL Injections
EIP-2026-106499 EXPLOITDB perl WORKING POC
Dog Pedigree Online Database 1.0.1b - Blind SQL Injection
EIP-2026-105876 EXPLOITDB perl WORKING POC
ClanTiger 1.1.1 - 'slug' Blind SQL Injection
EIP-2026-105878 EXPLOITDB text WORKING POC
ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities
EIP-2026-105877 EXPLOITDB text WORKING POC
ClanTiger 1.1.1 - Authentication Bypass
CVE-2009-1778 EXPLOITDB perl WORKING POC
BigACE CMS 2.5 - SQL Injection via Username Parameter
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-105146 EXPLOITDB python WORKING POC
AlumniServer 1.0.1 - 'resetpwemail' Blind SQL Injection
EIP-2026-105147 EXPLOITDB text WORKING POC
AlumniServer 1.0.1 - Authentication Bypass