x0r

54 exploits, active since Oct 2008
EIP-2026-110589 EXPLOITDB text WORKING POC
pHNews Alpha 1 - 'mod' SQL Injection
EIP-2026-110713 EXPLOITDB text WORKING POC
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
CVE-2009-0479 EXPLOITDB text WORKING POC
Online Grades 3.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109852 EXPLOITDB text WORKING POC
Nenriki CMS 0.5 - 'ID' Cookie SQL Injection
CVE-2009-0739 EXPLOITDB text WORKING POC
MyNews 0.10 - SQL Injection
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
CVE-2008-4781 EXPLOITDB text WORKING POC
Easy-script Myktools - Path Traversal
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
EIP-2026-109550 EXPLOITDB text WORKING POC
Mole Group Vacation Estate Listing Script - Blind SQL Injection
CVE-2008-6084 EXPLOITDB text WRITEUP
Iamma Simple Gallery <2.0 - RCE
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2008-6118 EXPLOITDB text WRITEUP
Goople CMS 1.7 - Auth Bypass
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
CVE-2008-5880 EXPLOITDB text WORKING POC
Gobbl CMS 1.0 - Auth Bypass
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
EIP-2026-107499 EXPLOITDB text WORKING POC
Grestul 1.x - Cookie Authentication Bypass
EIP-2026-107488 EXPLOITDB text WORKING POC
gravy media CMS 1.07 - Multiple Vulnerabilities
CVE-2009-4808 EXPLOITDB text WORKING POC
Graugon Php Article Publisher - Authentication Bypass
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
EIP-2026-107482 EXPLOITDB text WRITEUP
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
EIP-2026-107461 EXPLOITDB text WORKING POC
Goople CMS 1.7 - Arbitrary File Upload
EIP-2026-106800 EXPLOITDB text WORKING POC
EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)
CVE-2008-6241 EXPLOITDB text WORKING POC
China-on-site Flexphpsite - SQL Injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
CVE-2008-6730 EXPLOITDB text WORKING POC
China-on-site Flexphplink - SQL Injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
CVE-2008-6750 EXPLOITDB text WORKING POC
China-on-site Flexphpdirectory - Improper Input Validation
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
CVE-2008-6361 EXPLOITDB text WORKING POC
Insun Podcast Feedcms - Path Traversal
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
EIP-2026-107054 EXPLOITDB text WORKING POC
Fast FAQs System - Authentication Bypass
CVE-2008-6307 EXPLOITDB text WORKING POC
E-topbiz Link Back Checker - Authentication Bypass
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin".
EIP-2026-106542 EXPLOITDB text WORKING POC
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
CVE-2009-0740 EXPLOITDB text WORKING POC
BlueBird Prelease - SQL Injection
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
CVE-2009-0403 EXPLOITDB text WORKING POC
Chipmunk Blogger Script - SQL Injection
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.