t0pP8uZz

120 exploits, active since Jun 2007
CVE-2008-6523 EXPLOITDB perl WORKING POC
Cale Dunlap Openinvoice - Authentication Bypass
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
CVE-2007-3589 EXPLOITDB text WORKING POC
B1gbb - SQL Injection
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.
CVE-2007-3447 EXPLOITDB text WORKING POC
Bugmall Shopping Cart - SQL Injection
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
CVE-2007-3446 EXPLOITDB text WORKING POC
BugMall Shopping Cart <2.5 - Info Disclosure
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
CVE-2007-3433 EXPLOITDB text WORKING POC
Netart Media Pharmacy System < 2 - SQL Injection
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
CVE-2008-5123 EXPLOITDB text WORKING POC
Castillocentral Ccleague - SQL Injection
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2008-4877 EXPLOITDB text WRITEUP
Webcards < 1.3 - SQL Injection
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2920 EXPLOITDB text WRITEUP
Eztechhelp Ezcms < 1.2 - Authentication Bypass
admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files.
CVE-2008-2857 EXPLOITDB text WORKING POC
Alstrasoft Askme < 2.1 - Credentials Management
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-2278 EXPLOITDB text WORKING POC
Freelanceauction Freelance Auction Script - SQL Injection
SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action.
CVE-2008-1772 EXPLOITDB text WORKING POC
iScripts SocialWare - Info Disclosure
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-1711 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - Info Disclosure
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-1790 EXPLOITDB text WORKING POC
iScripts SocialWare - File Upload
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
CVE-2008-0429 EXPLOITDB text WORKING POC
Alstrasoft Forum Pay Per Post Exchange - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
CVE-2008-2922 EXPLOITDB perl WORKING POC
T0pp8uzz Dana Irc Client < 1.3 - Memory Corruption
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
CVE-2008-5216 EXPLOITDB text WORKING POC
AJ Square ZeusCart <2.0 - SQL Injection
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-3518 EXPLOITDB text WORKING POC
Hispah Youtube Clone Script - SQL Injection
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3981 EXPLOITDB text WORKING POC
Wsn Links - SQL Injection
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
CVE-2008-6714 EXPLOITDB text WORKING POC
Xecms - Authentication Bypass
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
CVE-2008-1874 EXPLOITDB perl WORKING POC
Xpoze Pro <3.05 - SQL Injection
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
CVE-2008-6811 EXPLOITDB perl WORKING POC
Instinct E-commerce Plugin < 3.4 - Unrestricted File Upload
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
CVE-2008-4878 EXPLOITDB text WRITEUP
Webcards < 1.3 - Improper Input Validation
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
CVE-2008-2298 EXPLOITDB text WORKING POC
Sourceforge Web Slider - Authentication Bypass
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
EIP-2026-113248 EXPLOITDB text WRITEUP
WebBoard 2.0 - Arbitrary SQL Question/Answer Delete
CVE-2008-6209 EXPLOITDB text WORKING POC
Vastal Software Zone - SQL Injection
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.