Exploitdb Exploits

CVE-2009-1821 EXPLOITDB text VERIFIED

DMXReady Registration Manager 1.1 - Unauthenticated Sensitive Information Exposure via Direct Database File Access

DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.

by S4S-T3rr0r!sT

View

CVE-2009-1664 EXPLOITDB text VERIFIED

Easy Scripts Answer and Question Script - Unauthenticated Password Change via myaccount.php

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

by InjEctOr5

View

CVE-2009-1663 EXPLOITDB text VERIFIED

Easy Scripts Answer and Question Script - Unauthenticated Arbitrary File Upload via myaccount.php

Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.

by InjEctOr5

View

CVE-2009-1655 EXPLOITDB text VERIFIED

Easy Scripts Answer and Question Script - Authenticated SQL Injection via Userid Parameter

Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.

by InjEctOr5

View

CVE-2009-1654 EXPLOITDB text VERIFIED

Easy Scripts Answer and Question Script - Cross-Site Scripting via questionid Parameter

Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.

by InjEctOr5

View

CVE-2009-1651 EXPLOITDB text VERIFIED

2daybiz Business Community Script - SQL Injection via mid Parameter

SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.

by TiGeR-Dz

View

CVE-2009-1817 EXPLOITDB text VERIFIED

DigiMode Maya 1.0.2 - Remote Code Execution via Malformed Playlist File

Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.

by SirGod

View

CVE-2009-1813 EXPLOITDB text VERIFIED

Submitterscript - SQL Injection

Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).

by ThE g0bL!N

View

CVE-2009-1650 EXPLOITDB text VERIFIED

Shutter 0.1.1 - SQL Injection via albumID, tagID, or photoID Parameter

Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.

by YEnH4ckEr

View

CVE-2009-1816 EXPLOITDB text VERIFIED

My Game Script 2.0 - SQL Injection via User Parameter

SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.

by ThE g0bL!N

View

EIP-2026-109615 EXPLOITDB text VERIFIED

MRCGIGUY Ultimate Profit Portal 1.0.1 - Insecure Cookie Handling

by TiGeR-Dz

View

EIP-2026-109614 EXPLOITDB text VERIFIED

MRCGIGUY Top Sites 1.0.0 - Insecure Cookie Handling

by ThE g0bL!N

View

EIP-2026-109612 EXPLOITDB text VERIFIED

MRCGIGUY The Ticket System 2.0 - Insecure Cookie Handling

by TiGeR-Dz

View

EIP-2026-109611 EXPLOITDB text VERIFIED

MRCGIGUY SimpLISTic SQL 2.0.0 - Insecure Cookie Handling

by ThE g0bL!N

View

EIP-2026-109610 EXPLOITDB text VERIFIED

MRCGIGUY Message Box 1.0 - Insecure Cookie Handling

by TiGeR-Dz

View

EIP-2026-109609 EXPLOITDB text VERIFIED

MRCGIGUY Hot Links SQL 3.2.0 - Insecure Cookie Handling

by TiGeR-Dz

View

EIP-2026-109606 EXPLOITDB text VERIFIED

MRCGIGUY ClickBank Directory 1.0.1 - Insecure Cookie Handling

by TiGeR-Dz

View

EIP-2026-109605 EXPLOITDB text VERIFIED

MRCGIGUY Amazon Directory 1.0/2.0 - Insecure Cookie Handling

by TiGeR-Dz

View

CVE-2009-1665 EXPLOITDB text VERIFIED

Easy Scripts Answer and Question Script - Unauthenticated Arbitrary User Account Deletion via myaccount.php

myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.

by InjEctOr5

View

CVE-2009-1649 EXPLOITDB text VERIFIED

beLive 0.2.3 - Path Traversal via arch Parameter

Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.

by Kacper

View

CVE-2009-2003 EXPLOITDB text VERIFIED

Ascad Networks Password Protector SD <1.3.1 - Auth Bypass

Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

by G4N0K

View

CVE-2009-1767 EXPLOITDB text VERIFIED

2daybiz Template Monster Clone - Unauthenticated Arbitrary Account Modification via edituser.php Parameters

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.

by TiGeR-Dz

View

CVE-2009-1652 EXPLOITDB text VERIFIED

2daybiz Business Community Script - Unauthenticated Privilege Escalation via admin/adminaddeditdetails.php

admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.

by TiGeR-Dz

View

EIP-2026-104009 EXPLOITDB text VERIFIED

Nortel Contact Center Manager - Administration Password Disclosure

by Bernhard Muller

View

EIP-2026-119334 EXPLOITDB text VERIFIED

Zervit Web Server 0.4 - Directory Traversal / Memory Corruption

by e.wiZz! & shinnai

View