vinicius777

13 exploits, active since Feb 2008
CVE-2008-0685 EXPLOITDB WORKING POC
Itechscripts Itechclassifieds - SQL Injection
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
CVE-2014-125126 EXPLOITDB CRITICAL ruby WORKING POC
Simple E-Document 3.0-3.1 - File Upload
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
CVE-2014-125126 METASPLOIT CRITICAL ruby WORKING POC
Simple E-Document 3.0-3.1 - File Upload
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
CVE-2014-10020 EXPLOITDB text WORKING POC
Tecorange Simple E-document - SQL Injection
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-111310 EXPLOITDB text WORKING POC
PizzaInn_Project - SQL Injection
EIP-2026-110789 EXPLOITDB text WORKING POC
PHP Webcam Video Conference - Multiple Vulnerabilities
EIP-2026-109786 EXPLOITDB text WORKING POC
mySeatXT 0.2134 - SQL Injection
CVE-2014-100020 EXPLOITDB text WORKING POC
Itechscripts Itechclassifieds - SQL Injection
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
EIP-2026-107450 EXPLOITDB text WORKING POC
godontologico 5 - SQL Injection
EIP-2026-106699 EXPLOITDB text WORKING POC
Easy POS System - 'login.php' SQL Injection
EIP-2026-105854 EXPLOITDB text WORKING POC
CiMe Citas Médicas - Multiple Vulnerabilities
EIP-2026-105769 EXPLOITDB text WORKING POC
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
EIP-2026-104967 EXPLOITDB text WORKING POC
Adult WebMaster PHP - Password Disclosure