t0pP8uZz

120 exploits, active since Jun 2007
CVE-2008-1785 EXPLOITDB text WRITEUP
Prozilla Top 100 1.2 - RCE
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
EIP-2026-111560 EXPLOITDB text WORKING POC
Prozilla Software Index 1.1 - SQL Injection
CVE-2008-1783 EXPLOITDB text WRITEUP
Prozilla Reviews 1.0 - RCE
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
CVE-2007-4258 EXPLOITDB text WORKING POC
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-4054 EXPLOITDB text WORKING POC
PHP123 Top Sites - SQL Injection
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2823 EXPLOITDB text WRITEUP
Phpeasynews Phpeasyblog < 1.13 - SQL Injection
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2008-1305 EXPLOITDB text WORKING POC
Filebase mod for phpBB - SQL Injection
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110906 EXPLOITDB text WRITEUP
PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities
CVE-2007-6462 EXPLOITDB text WORKING POC
PHP Real Estate Classifieds - SQL Injection
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2294 EXPLOITDB perl WORKING POC
Mreaves Pet Grooming Management System - Access Control
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
CVE-2007-3434 EXPLOITDB text WORKING POC
Pharmacy System <2 - Info Disclosure
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
CVE-2008-1875 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
CVE-2007-5752 EXPLOITDB perl WORKING POC
Agtc Websolutions Php-agtc Membership System - Authentication Bypass
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.
CVE-2008-2890 EXPLOITDB text WRITEUP
Offl Online Fantasy Football League - SQL Injection
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
CVE-2008-6524 EXPLOITDB perl WORKING POC
Cale Dunlap Openinvoice < 0.90 - Credentials Management
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-2347 EXPLOITDB perl WORKING POC
Mypicgallery - Authentication Bypass
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2008-1791 EXPLOITDB text WORKING POC
My Gaming Ladder <7.5 - SQL Injection
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
CVE-2008-0911 EXPLOITDB html WORKING POC
Iscripts Multicart - SQL Injection
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
CVE-2008-2293 EXPLOITDB text WORKING POC
Tpvgames Mpcs - Access Control
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
CVE-2008-3123 EXPLOITDB text WORKING POC
Mole Group Real Estate Script <1.1 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
CVE-2008-3124 EXPLOITDB text WRITEUP
Mole Group Hotel Script 1.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2008-3125 EXPLOITDB text WRITEUP
Mole Group Lastminute Script 4.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-5992 EXPLOITDB text WORKING POC
datecomm Social Networking Script - SQL Injection
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
CVE-2008-6814 EXPLOITDB perl WORKING POC
JAN DE Graaff Com Simpleboard < 1.0.1 - Improper Input Validation
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2008-2348 EXPLOITDB perl WORKING POC
Meltingicefs Meltingice File System - Access Control
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.