CorryL

31 exploits, active since May 2005
CVE-2012-4925 EXPLOITDB text WORKING POC
Img Pals Photo Host 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-119120 EXPLOITDB text WRITEUP
sd server 4.0.70 - Directory Traversal
CVE-2005-0338 EXPLOITDB perl WORKING POC
Savant Web Server 3.1 - Remote Code Execution via Long HTTP Request
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2005-1348 EXPLOITDB perl WORKING POC
MailEnable Enterprise < 1.04 and Professional < 1.54 - Remote Code Execution via HTTP Authorization Header
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
EIP-2026-118358 EXPLOITDB text WRITEUP
CIS WebServer 3.5.13 - Directory Traversal
CVE-2005-0575 EXPLOITDB c WORKING POC
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
CVE-2005-1013 EXPLOITDB perl WORKING POC
MailEnable Enterprise <= 1.04 and Professional <= 1.54 - Denial of Service via SMTP EHLO Unicode String
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
CVE-2006-5850 EXPLOITDB perl WORKING POC
Essentia Web Server 2.15 - Remote Code Execution via Long URI
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
EIP-2026-114557 EXPLOITDB php WORKING POC
YVS Image Gallery - SQL Injection
CVE-2007-1291 EXPLOITDB text WRITEUP
Tyger Bug Tracking System 1.1.3 - Cross-Site Scripting via PATH_INFO to Login.php and Register.php
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
EIP-2026-112725 EXPLOITDB text WRITEUP
Tkai's Shoutbox - 'Query' Open Redirection
CVE-2006-6778 EXPLOITDB text WORKING POC
TimberWolf 1.2.2 - Cross-Site Scripting via shownews.php nid Parameter
Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
CVE-2007-1289 EXPLOITDB text WRITEUP
Tyger Bug Tracking System 1.1.3 - SQL Injection via ViewBugs.php s Parameter
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
EIP-2026-111949 EXPLOITDB text WORKING POC
Scriptme SmE 1.21 - File Mailer Login SQL Injection
CVE-2007-2532 EXPLOITDB text WRITEUP
Minh Nguyen Duong Obie Website Mini Web Shop 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
CVE-2007-0353 EXPLOITDB text WRITEUP
myBloggie 2.1.5 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
CVE-2005-1500 EXPLOITDB perl WORKING POC
myBloggie 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2006-6887 EXPLOITDB text WRITEUP
logahead UNU 1.0 - Remote Code Execution via WidgEd Plugin File Upload
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3199 EXPLOITDB text WORKING POC
Link Request Contact Form 3.4 - Unauthenticated Arbitrary PHP File Upload
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
CVE-2012-4926 EXPLOITDB text WORKING POC
Img Pals Photo Host 1.0 - Unauthenticated Administrator Activation Change via approve.php u Parameter
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
EIP-2026-107440 EXPLOITDB text WRITEUP
GMTT Music Distro 1.2 - 'ShowOwn.php' Cross-Site Scripting
EIP-2026-106428 EXPLOITDB text WORKING POC
Dev Web Manager System 1.5 - 'index.php' Cross-Site Scripting