nukedx

41 exploits, active since Jan 2006
EIP-2026-100479 EXPLOITDB html WORKING POC
Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass
EIP-2026-100445 EXPLOITDB html WORKING POC
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
EIP-2026-100436 EXPLOITDB perl WORKING POC
MiniNuke 2.x - SQL Injection (Add Admin)
CVE-2006-0870 EXPLOITDB perl WORKING POC
Mini-nuke Cms < 1.8.2 - SQL Injection
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
CVE-2006-0199 EXPLOITDB text WORKING POC
Mini-nuke Cms System < 1.8.2 - SQL Injection
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-1213 EXPLOITDB html WORKING POC
JiRo's Banner System Experience and Professional <1.0 - Privilege E...
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
EIP-2026-100417 EXPLOITDB text WRITEUP
MaxiSepet 1.0 - 'link' SQL Injection
CVE-2006-0175 EXPLOITDB text WRITEUP
Webwiz Web Wiz Forums - XSS
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-1109 EXPLOITDB text WORKING POC
Total Ecommerce 1.0 - SQL Injection
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE.
CVE-2006-1000 EXPLOITDB perl WORKING POC
G2soft Pentacle In-out Board - SQL Injection
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
EIP-2026-100141 EXPLOITDB perl WORKING POC
ASPSitem 1.83 - 'Haberler.asp' SQL Injection
CVE-2006-2731 EXPLOITDB text WORKING POC
Enigma Haber < 4.3 - SQL Injection
Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.
CVE-2006-0961 EXPLOITDB perl WORKING POC
Cilem Haber - SQL Injection
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
CVE-2006-1333 EXPLOITDB perl WORKING POC
BetaParticle Blog <=6.0 - SQL Injection
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
CVE-2006-2794 EXPLOITDB text WRITEUP
ASPSitem 2.0 - Info Disclosure
Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.
CVE-2006-1353 EXPLOITDB perl WORKING POC
ASPPortal <3.1.1 - SQL Injection
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.