darkjoker

30 exploits Active since Oct 2008
CVE-2009-0111 EXPLOITDB perl WORKING POC
Goople CMS < 1.8.2 - SQL Injection via Username Parameter
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-0768 EXPLOITDB perl WORKING POC
YapBB < 1.2 - SQL Injection via forumID Parameter
SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.
CVE-2009-3750 EXPLOITDB text WORKING POC
ToyLog 0.1 - SQL Injection via idm Parameter
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
EIP-2026-112639 EXPLOITDB perl WORKING POC
The Rat CMS Alpha 2 - Blind SQL Injection
EIP-2026-112539 EXPLOITDB text WORKING POC
Syzygy CMS 0.3 - Authentication Bypass
CVE-2009-0371 EXPLOITDB perl WORKING POC
SiteXS CMS <= 0.1.1 - Path Traversal via Type Parameter
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2009-0394 EXPLOITDB php WORKING POC
PLEs CMS 1.0 beta 4.2 - SQL Injection
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
EIP-2026-111311 EXPLOITDB perl WORKING POC
Pizzis CMS 1.5.1 - Blind SQL Injection
EIP-2026-111127 EXPLOITDB php WORKING POC
phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection
EIP-2026-110995 EXPLOITDB php WORKING POC
phpBLASTER 1.0 RC1 - Blind SQL Injection
EIP-2026-110553 EXPLOITDB perl WORKING POC
Personal Site Manager 0.3 - Remote Command Execution
CVE-2009-0407 EXPLOITDB php WORKING POC
PHP-CMS Project 1 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-0604 EXPLOITDB perl WORKING POC
php_director < 0.21 - SQL Injection via Searching Parameter
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
CVE-2009-0279 EXPLOITDB php WORKING POC
Pardal CMS <0.2.0 - SQL Injection
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-109765 EXPLOITDB text WORKING POC
MyFirstCMS 1.0.2 - Arbitrary File Delete
CVE-2009-3713 EXPLOITDB php WORKING POC
MorcegoCMS < 1.7.6 - SQL Injection via Fichero.php Query String
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
EIP-2026-109177 EXPLOITDB php WORKING POC
Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection Vulnerabilities
CVE-2009-0528 EXPLOITDB php WORKING POC
Rhadrix If-CMS <2.07 - SQL Injection
SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107572 EXPLOITDB perl WORKING POC
Hedgehog-CMS 1.21 - Remote Command Execution
CVE-2009-0121 EXPLOITDB perl WORKING POC
Goople CMS 1.8.2 - SQL Injection via Password Parameter
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106945 EXPLOITDB text WORKING POC
eVision CMS 2.0 - SQL Injection
CVE-2009-0326 EXPLOITDB text WORKING POC
Dark Age CMS 0.2c beta - SQL Injection
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3597 EXPLOITDB text WRITEUP
Digitaldesign CMS 0.1 - Info Disclosure
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.
CVE-2009-0326 EXPLOITDB text WRITEUP
Dark Age CMS 0.2c beta - SQL Injection
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106332 EXPLOITDB text WORKING POC
d.net CMS - Arbitrary Reinstall/Blind SQL Injection