ppp-design

8 exploits Active since Jun 2002
CVE-2002-0553 EXPLOITDB text WORKING POC
SunShop Shopping Cart <= 2.5 - Cross-Site Scripting in Customer Registration
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
CVE-2002-1480 EXPLOITDB text WORKING POC
phpgb - Stored Cross-Site Scripting via Guestbook Entry Deletion
Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
EIP-2026-110899 EXPLOITDB text WORKING POC
PHP-ping - 'Count' Command Execution
CVE-2002-1481 EXPLOITDB text WORKING POC
phpgb <= 1.20 - Unauthenticated Arbitrary PHP Code Execution via savesettings.php
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
CVE-2002-1482 EXPLOITDB text WRITEUP
phpGB 1.20 - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
CVE-2002-2343 EXPLOITDB text WRITEUP
NOCC 0.9-0.9.5 - Cross-Site Scripting via Email Messages
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
CVE-2002-0613 EXPLOITDB text WORKING POC
dnstools < 2.0 beta 4 - Unauthenticated Privilege Escalation via Parameter Manipulation
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
CVE-2002-0599 EXPLOITDB text WORKING POC
blahz-dns 0.2 - Unauthenticated Configuration Modification via Direct CGI Request
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.