t0pP8uZz

120 exploits Active since Jun 2007
CVE-2008-2298 EXPLOITDB text WORKING POC
Web Slider 0.6 - Unauthenticated Privilege Escalation via Admin Cookie
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2008-1954 EXPLOITDB perl WORKING POC
Web Calendar Pro <4.1 - SQL Injection
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2007-3840 EXPLOITDB text WORKING POC
sitetrafficstats - SQL Injection via referralUrl.php offset parameter
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2007-3515 EXPLOITDB text WORKING POC
TotalCalendar < 2.402 - SQL Injection via view_event.php id Parameter
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3582 EXPLOITDB text WORKING POC
SuperCali PHP Event Calendar 0.4.0 - SQL Injection via o Parameter
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.
CVE-2008-6081 EXPLOITDB text WRITEUP
Simple Customer 1.2 - SQL Injection
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-112336 EXPLOITDB text WRITEUP
Software Index 1.1 - 'cid' SQL Injection
CVE-2008-2834 EXPLOITDB perl WORKING POC
Scientific Image DataBase 0.41 - SQL Injection via projects.php id Parameter
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1316 EXPLOITDB html WORKING POC
QT-cute QuickTalk Forum <1.6 - SQL Injection
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2297 EXPLOITDB text WORKING POC
Rantx - Unauthenticated Authentication Bypass via logininfo Cookie
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.
CVE-2007-3810 EXPLOITDB text WORKING POC
Realtor 747 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
CVE-2008-1783 EXPLOITDB text WRITEUP
Prozilla Reviews 1.0 - Unauthenticated Arbitrary User Deletion via UserID Parameter
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
EIP-2026-111560 EXPLOITDB text WORKING POC
Prozilla Software Index 1.1 - SQL Injection
CVE-2008-1785 EXPLOITDB text WRITEUP
Prozilla Top 100 1.2 - Authenticated Arbitrary Account Deletion via Modified s Parameter
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
CVE-2007-4258 EXPLOITDB text WORKING POC
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2114 EXPLOITDB text WRITEUP
Pre Shopping Mall 1.1 - SQL Injection via Search Parameter
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-1863 EXPLOITDB text WRITEUP
Prozilla Cheat Script 2.0 - SQL Injection
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3809 EXPLOITDB text WORKING POC
Prozilla Directory Script - SQL Injection via cat_id Parameter
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
CVE-2008-1784 EXPLOITDB text WRITEUP
Prozilla Topsites 1.0 - Unauthenticated Administrative Action Execution via Direct Request
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
EIP-2026-111270 EXPLOITDB perl WORKING POC
Picture Rating 1.0 - Blind SQL Injection
CVE-2007-3881 EXPLOITDB text WORKING POC
Pictures Rating - SQL Injection via msgid Parameter
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2008-1971 EXPLOITDB text WORKING POC
phShoutBox Final <1.5 - Privilege Escalation
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
CVE-2008-1870 EXPLOITDB perl WORKING POC
PIGMy-SQL <= 1.4.1 - SQL Injection via getdata.php id Parameter
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4362 EXPLOITDB text WORKING POC
Prozilla Webring - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-111558 EXPLOITDB text WORKING POC
Prozilla Gaming Directory 1.0 - SQL Injection