t0pP8uZz

120 exploits. Active since Jun 2007.
CVE-2007-3549 EXPLOITDB text WORKING POC
Vastal I-tech Buddy Zone - SQL Injection
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-1904 EXPLOITDB text WORKING POC
Cicoandcico CcMail <1.0.1 - Auth Bypass
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
CVE-2008-5125 EXPLOITDB text WORKING POC
Castillocentral Ccleague - Authentication Bypass
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
CVE-2007-3448 EXPLOITDB text WORKING POC
Bugmall Shopping Cart - XSS
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
CVE-2008-5212 EXPLOITDB text WORKING POC
AJ Auction 6.2.1- - SQL Injection
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2007-3590 EXPLOITDB text WORKING POC
B1gbb - XSS
Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2008-2269 EXPLOITDB text WORKING POC
Kevin Ludlow Austinsmoke Gastracker - Authentication Bypass
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
CVE-2007-3521 EXPLOITDB text WORKING POC
Arcadebuilder Game Portal Manager - SQL Injection
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2008-0440 EXPLOITDB text WORKING POC
Alstrasoft Forum Pay Per Post Exchange - Credentials Management
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2008-2902 EXPLOITDB text WORKING POC
Alstrasoft Askme Pro < 2.1 - SQL Injection
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
CVE-2008-2346 EXPLOITDB text WORKING POC
Alkalinephp < 0.77.35 - Access Control
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
EIP-2026-105045 EXPLOITDB text WORKING POC
AJ Classifieds 2008 - 'index.php' SQL Injection
EIP-2026-105043 EXPLOITDB text WORKING POC
AJ Classifieds - 'index.php' SQL Injection
CVE-2008-5213 EXPLOITDB text WORKING POC
AJ Article 1.0 - SQL Injection
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
CVE-2007-6393 EXPLOITDB text WORKING POC
Ace Image Hosting Script - SQL Injection
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
EIP-2026-105010 EXPLOITDB text WORKING POC
Affiliate Directory - 'cat_id' SQL Injection
CVE-2007-4056 EXPLOITDB text WORKING POC
Prozilla Adult Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
CVE-2008-6199 EXPLOITDB text WRITEUP
2532gigs < 1.2.2 - Access Control
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.
CVE-2008-2338 EXPLOITDB text WORKING POC
Interspire Activekb < 1.5 - Access Control
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
CVE-2008-6806 EXPLOITDB perl WORKING POC
7-shop 7shop < 1.1 - Improper Input Validation
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.