t0pP8uZz

120 exploits, active since Jun 2007
CVE-2008-1871 EXPLOITDB text WRITEUP
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
EIP-2026-109068 EXPLOITDB perl WORKING POC
LaserNet CMS 1.5 - Arbitrary File Upload
CVE-2008-2833 EXPLOITDB perl WORKING POC
Worldlevel Le.cms < 1.4 - Authentication Bypass
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
CVE-2008-1727 EXPLOITDB perl WORKING POC
KnowledgeQuest < 2.7 - Auth Bypass
KnowledgeQuest 2.5 and 2.6 do not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.
CVE-2008-2282 EXPLOITDB text WORKING POC
Thomas Voecking Internet Photoshow - Authentication Bypass
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
CVE-2008-1859 EXPLOITDB text WORKING POC
iScripts SocialWare - SQL Injection
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
CVE-2007-6084 EXPLOITDB text WORKING POC
HotScripts Clone Script - SQL Injection
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107343 EXPLOITDB text WORKING POC
Gaming Directory 1.0 - 'cat_id' SQL Injection
CVE-2008-2353 EXPLOITDB text WRITEUP
Gnugallery < 1.1.1.0 - Path Traversal
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
EIP-2026-107366 EXPLOITDB perl WORKING POC
GeekLog 1.5.0 - Arbitrary File Upload
CVE-2008-2279 EXPLOITDB text WORKING POC
Freelance Auction Script - Credentials Management
Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.
CVE-2007-3609 EXPLOITDB text WORKING POC
Emeeting Online Dating Software - SQL Injection
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2008-2277 EXPLOITDB text WORKING POC
Cmsnx Feedback And Rating Script - SQL Injection
SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2008-2921 EXPLOITDB text WRITEUP
Eztechhelp Company Ezcms < 1.2 - SQL Injection
SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2007-3882 EXPLOITDB text WORKING POC
Popscript.com Expert Advisor - SQL Injection
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1788 EXPLOITDB text WORKING POC
Prozilla Entertainers < 1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3461 EXPLOITDB text WORKING POC
Elkagroup Image Gallery - SQL Injection
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2007-3452 EXPLOITDB text WORKING POC
Edocstore - SQL Injection
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
EIP-2026-106723 EXPLOITDB text WORKING POC
Easynet Forum Host - 'forum.php' SQL Injection
CVE-2007-3520 EXPLOITDB text WORKING POC
Easybe 1-2-3 Music Store - SQL Injection
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2007-6392 EXPLOITDB text WORKING POC
DWdirectory < 2.1 - SQL Injection
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
EIP-2026-106710 EXPLOITDB text WRITEUP
Easycms 0.4.2 - Multiple Vulnerabilities
CVE-2008-1872 EXPLOITDB text WRITEUP
Comdev News Publisher 4.1.2 - SQL Injection
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3526 EXPLOITDB text WORKING POC
Vastal I-tech Buddy Zone < 1.5 - SQL Injection
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
CVE-2007-3979 EXPLOITDB text WORKING POC
Netart Media Blog System < 1.2 - SQL Injection
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.