t0pP8uZz

120 exploits Active since Jun 2007
CVE-2008-1871 EXPLOITDB text WRITEUP
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
EIP-2026-109068 EXPLOITDB perl WORKING POC
LaserNet CMS 1.5 - Arbitrary File Upload
CVE-2008-2833 EXPLOITDB perl WORKING POC
le.cms < 1.4 - Unauthenticated Arbitrary File Upload via admin/upload.php
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
CVE-2008-1727 EXPLOITDB perl WORKING POC
KnowledgeQuest 2.5 and 2.6 - Unauthenticated Arbitrary Admin Account Creation via admincheck.php
KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.
CVE-2008-2282 EXPLOITDB text WORKING POC
Internet Photoshow and Internet Photoshow SE - Unauthenticated Authentication Bypass via login_admin Cookie
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
CVE-2008-1859 EXPLOITDB text WORKING POC
iScripts SocialWare - SQL Injection
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
CVE-2007-6084 EXPLOITDB text WORKING POC
HotScripts Clone Script - SQL Injection
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107343 EXPLOITDB text WORKING POC
Gaming Directory 1.0 - 'cat_id' SQL Injection
CVE-2008-2353 EXPLOITDB text WRITEUP
gnugallery < 1.1.1.0 - Path Traversal via show Parameter
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
EIP-2026-107366 EXPLOITDB perl WORKING POC
GeekLog 1.5.0 - Arbitrary File Upload
CVE-2008-2279 EXPLOITDB text WORKING POC
Freelance Auction Script 1.0 - Plaintext Password Storage
Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.
CVE-2007-3609 EXPLOITDB text WORKING POC
eMeeting Online Dating Software 5.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2008-2277 EXPLOITDB text WORKING POC
Feedback and Rating Script 1.0 - SQL Injection via detail.php listingid Parameter
SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2008-2921 EXPLOITDB text WRITEUP
EZCMS < 1.2 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2007-3882 EXPLOITDB text WORKING POC
Expert Advisor - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1788 EXPLOITDB text WORKING POC
Prozilla Entertainers < 1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3461 EXPLOITDB text WORKING POC
elkagroup Image Gallery 1.0 - SQL Injection via pid Parameter
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2007-3452 EXPLOITDB text WORKING POC
eDocStore - SQL Injection via doc_id Parameter
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
EIP-2026-106723 EXPLOITDB text WORKING POC
Easynet Forum Host - 'forum.php' SQL Injection
CVE-2007-3520 EXPLOITDB text WORKING POC
Easybe 1-2-3 Music Store - SQL Injection via CategoryID Parameter
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2007-6392 EXPLOITDB text WORKING POC
DWdirectory < 2.1 - SQL Injection via Search Parameter
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
EIP-2026-106710 EXPLOITDB text WRITEUP
Easycms 0.4.2 - Multiple Vulnerabilities
CVE-2008-1872 EXPLOITDB text WRITEUP
Comdev News Publisher 4.1.2 - SQL Injection
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3526 EXPLOITDB text WORKING POC
Buddy Zone < 1.5 - SQL Injection via News ID, Category ID, or Member ID Parameter
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
CVE-2007-3979 EXPLOITDB text WORKING POC
BlogSite Professional < 1.2 - SQL Injection via news_id Parameter
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.