t0pP8uZz

120 exploits. Active since Jun 2007.
CVE-2007-3549 EXPLOITDB text WORKING POC
Buddy Zone 1.5 - SQL Injection via view_sub_cat.php cat_id Parameter
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-1904 EXPLOITDB text WORKING POC
Cicoandcico CcMail <1.0.1 - Auth Bypass
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
CVE-2008-5125 EXPLOITDB text WORKING POC
CCleague Pro 1.2 - Unauthenticated Authentication Bypass via Type Cookie
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
CVE-2007-3448 EXPLOITDB text WORKING POC
BugMall Shopping Cart 2.5 - Cross-Site Scripting via msgs Parameter
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
CVE-2008-5212 EXPLOITDB text WORKING POC
AJ Auction <= 6.2.1 - SQL Injection via item_id Parameter
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2007-3590 EXPLOITDB text WORKING POC
b1gBB 2.24.0 - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2008-2269 EXPLOITDB text WORKING POC
AustinSmoke GasTracker 1.0.0 - Unauthenticated Privilege Escalation via gastracker_admin Cookie
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
CVE-2007-3521 EXPLOITDB text WORKING POC
ArcadeBuilder Game Portal Manager 1.7 - SQL Injection via usercookie Cookie
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2008-0440 EXPLOITDB text WORKING POC
AlstraSoft Forum Pay Per Post Exchange 2.0 - Cleartext Password Storage
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2008-2902 EXPLOITDB text WORKING POC
AlstraSoft AskMe Pro < 2.1 - SQL Injection via Profile ID Parameter
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
CVE-2008-2346 EXPLOITDB text WORKING POC
AlkalinePHP < 0.77.35 - Unauthenticated Admin Account Creation via Direct Request to adduser.php
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
EIP-2026-105045 EXPLOITDB text WORKING POC
AJ Classifieds 2008 - 'index.php' SQL Injection
EIP-2026-105043 EXPLOITDB text WORKING POC
AJ Classifieds - 'index.php' SQL Injection
CVE-2008-5213 EXPLOITDB text WORKING POC
AJ Article 1.0 - SQL Injection via artid Parameter
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
CVE-2007-6393 EXPLOITDB text WORKING POC
Ace Image Hosting Script - SQL Injection
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
EIP-2026-105010 EXPLOITDB text WORKING POC
Affiliate Directory - 'cat_id' SQL Injection
CVE-2007-4056 EXPLOITDB text WORKING POC
Prozilla Adult Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
CVE-2008-6199 EXPLOITDB text WRITEUP
2532gigs <= 1.2.2 - Unauthenticated Sensitive Information Exposure via Direct Backup Request
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.
CVE-2008-2338 EXPLOITDB text WORKING POC
Interspire ActiveKB < 1.5 - Unauthenticated Privilege Escalation via Auth Cookie Manipulation
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
CVE-2008-6806 EXPLOITDB perl WORKING POC
7shop < 1.1 - Unauthenticated Arbitrary File Upload via Image Upload
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.