sn0oPy

7 exploits Active since Feb 2007
CVE-2007-0873 EXPLOITDB text WRITEUP
nabopoll 1.1.2 - Unauthenticated Administrative Function Access via Direct Request
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
EIP-2026-109119 EXPLOITDB text WRITEUP
Liens_Dynamiques 2.1 - 'AdminLien.php' Security Restriction Bypass
EIP-2026-109120 EXPLOITDB text WRITEUP
Liens_Dynamiques 2.1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-1043 EXPLOITDB text WRITEUP
Ezboo webstats - Unauthenticated Access Control Bypass via Direct Request
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
CVE-2007-1020 EXPLOITDB text WORKING POC
CedStat 1.31 - Cross-Site Scripting via hier Parameter
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
CVE-2007-1020 EXPLOITDB text WRITEUP
CedStat 1.31 - Cross-Site Scripting via hier Parameter
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
CVE-2007-1050 EXPLOITDB text WORKING POC
AbleDesign MyCalendar - Cross-Site Scripting via Index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.