t0pP8uZz

120 exploits, active since Jun 2007
CVE-2008-1785 EXPLOITDB text WRITEUP
Prozilla Top 100 1.2 - Authenticated Arbitrary Account Deletion via Modified s Parameter
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
EIP-2026-111560 EXPLOITDB text WORKING POC
Prozilla Software Index 1.1 - SQL Injection
CVE-2008-1783 EXPLOITDB text WRITEUP
Prozilla Reviews 1.0 - Unauthenticated Arbitrary User Deletion via UserID Parameter
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
CVE-2007-4258 EXPLOITDB text WORKING POC
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-4054 EXPLOITDB text WORKING POC
PHP123 Top Sites - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2823 EXPLOITDB text WRITEUP
PHPeasyblog < 1.13 - SQL Injection via Newsarchive Post Parameter
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2008-1305 EXPLOITDB text WORKING POC
Filebase mod for phpBB - SQL Injection
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110906 EXPLOITDB text WRITEUP
PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities
CVE-2007-6462 EXPLOITDB text WORKING POC
PHP Real Estate Classifieds - SQL Injection
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2294 EXPLOITDB perl WORKING POC
Pet Grooming Management System 2.0 - Privilege Escalation via Direct Request to useradded.php
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
CVE-2007-3434 EXPLOITDB text WORKING POC
Pharmacy System <2 - Info Disclosure
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
CVE-2008-1875 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
CVE-2007-5752 EXPLOITDB perl WORKING POC
PHP-AGTC Membership System 1.1a - Unauthenticated Account Creation via adduser.php
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.
CVE-2008-2890 EXPLOITDB text WRITEUP
Online Fantasy Football League <= 0.2.6 - SQL Injection via fflteam_id, league_id, or player_id Parameter
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
CVE-2008-6524 EXPLOITDB perl WORKING POC
openInvoice < 0.90 - Authenticated Arbitrary Password Reset via UID Parameter
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-2347 EXPLOITDB perl WORKING POC
MyPicGallery 1.0 - Unauthenticated Authentication Bypass via userID Parameter
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2008-1791 EXPLOITDB text WORKING POC
My Gaming Ladder <7.5 - SQL Injection
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
CVE-2008-0911 EXPLOITDB html WORKING POC
iScripts MultiCart 2.0 - Authenticated SQL Injection via productid Parameter
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
CVE-2008-2293 EXPLOITDB text WORKING POC
Tpvgames Mpcs - Access Control
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
CVE-2008-3123 EXPLOITDB text WORKING POC
Mole Group Real Estate Script <1.1 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
CVE-2008-3124 EXPLOITDB text WRITEUP
Mole Group Hotel Script 1.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2008-3125 EXPLOITDB text WRITEUP
Mole Group Lastminute Script 4.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-5992 EXPLOITDB text WORKING POC
datecomm Social Networking Script - SQL Injection
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
CVE-2008-6814 EXPLOITDB perl WORKING POC
com_simpleboard < 1.0.1 - Unauthenticated Arbitrary File Upload via image_upload.php
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2008-2348 EXPLOITDB perl WORKING POC
MeltingIce File System 1.0 - Unauthenticated Authentication Bypass and Privilege Escalation via Direct Request
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.