kurdish hackers team

19 exploits Active since Dec 2005
CVE-2009-4623 NOMISEC WORKING POC
Advanced Comment System 1.0 - Remote Code Execution via ACS_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
EIP-2026-112966 EXPLOITDB text WRITEUP
Vanira CMS - 'vtpidshow' SQL Injection
EIP-2026-112612 EXPLOITDB text WRITEUP
TextPattern 4.2 - 'index.php' Cross-Site Scripting
CVE-2009-3362 EXPLOITDB text WORKING POC
SZNews 2.7 - Remote Code Execution via printnews.php3 id Parameter
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
CVE-2009-4096 EXPLOITDB text WRITEUP
RADIO istek scripti 2.5 - Info Disclosure
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
EIP-2026-111362 EXPLOITDB text WRITEUP
PluggedOut Blog 1.9.9 - 'year' Cross-Site Scripting
CVE-2006-0366 EXPLOITDB text WORKING POC
phpclanwebsite - Cross-Site Scripting via BBCode img Tag
Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.
CVE-2009-4222 EXPLOITDB text WRITEUP
phpBazar <2.1.1fix - Info Disclosure
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
EIP-2026-110042 EXPLOITDB text WRITEUP
OneCMS 2.6.4 - Multiple SQL Injections
EIP-2026-110183 EXPLOITDB text WRITEUP
Online store PHP script - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-109928 EXPLOITDB text WRITEUP
Newsportal 0.37 - 'post.php' Cross-Site Scripting
EIP-2026-107530 EXPLOITDB text WRITEUP
GuppY 4.6.14 - 'lng' Multiple SQL Injections
EIP-2026-107352 EXPLOITDB text WRITEUP
Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
CVE-2005-4588 EXPLOITDB text WORKING POC
Koobi 5 - Cross-Site Scripting via Nested Malformed URL BBCode Tags
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3055 EXPLOITDB text WORKING POC
DataLife Engine 8.2 - Remote Code Execution via dle_config_api Parameter
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.
EIP-2026-105815 EXPLOITDB text WORKING POC
ChatLakTurk PHP Botlu Video - 'ara.php' Cross-Site Scripting
CVE-2009-4623 EXPLOITDB text WRITEUP
Advanced Comment System 1.0 - Remote Code Execution via ACS_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
EIP-2026-100464 EXPLOITDB text WRITEUP
Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting
EIP-2026-100132 EXPLOITDB text WRITEUP
Aspgwy Access 1.0 - 'matchword' Cross-Site Scripting