Br0ly

17 exploits, active since Jan 2006
CVE-2009-2033 EXPLOITDB text WORKING POC
Yogurt 0.3 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-0074 EXPLOITDB perl WORKING POC
PHPenpals - SQL Injection
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
CVE-2009-4940 EXPLOITDB perl WORKING POC
Zeuscart - SQL Injection
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
EIP-2026-114554 EXPLOITDB text WORKING POC
Ypninc Realty Classifieds - SQL Injection
CVE-2009-2034 EXPLOITDB text WORKING POC
Yogurt 0.3 - SQL Injection
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
EIP-2026-112944 EXPLOITDB text WORKING POC
Vacation Rental Script 4.0 - Arbitrary File Upload
CVE-2009-2101 EXPLOITDB text WORKING POC
TorrentVolve 1.4 - Path Traversal
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
CVE-2009-1768 EXPLOITDB text WORKING POC
Ramazeiten Ramazaitencms0.9.7.5 - Path Traversal
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-2599 EXPLOITDB perl WORKING POC
RadCLASSIFIEDS Gold 2.0 - SQL Injection
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
CVE-2009-2641 EXPLOITDB text WORKING POC
PHP - RCE
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-2081 EXPLOITDB text WORKING POC
phpWebThings <1.5.2 - Path Traversal
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
CVE-2009-1814 EXPLOITDB perl WORKING POC
Jevontech Phpenpals < 1.1 - SQL Injection
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
CVE-2009-2095 EXPLOITDB text WRITEUP
Mundi Mail 0.8.2 - RCE
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files.
EIP-2026-105647 EXPLOITDB text WORKING POC
Built2Go PHP Shopping - SQL Injection
EIP-2026-105049 EXPLOITDB perl WORKING POC
AJ Matrix DNA - SQL Injection
EIP-2026-104893 EXPLOITDB perl WORKING POC
Abtp Portal Project 0.1.0 - Local File Inclusion
EIP-2026-100602 EXPLOITDB perl WORKING POC
Virtual Store Open 3.0 - Access SQL Injection