CorryL

31 exploits, active since May 2005
CVE-2012-4925 EXPLOITDB text WORKING POC
Img Pals Photo Host 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-119120 EXPLOITDB text WRITEUP
sd server 4.0.70 - Directory Traversal
CVE-2005-0338 EXPLOITDB perl WORKING POC
Savant Webserver - Buffer Overflow
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2005-1348 EXPLOITDB perl WORKING POC
MailEnable <1.04 - RCE
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
EIP-2026-118358 EXPLOITDB text WRITEUP
CIS WebServer 3.5.13 - Directory Traversal
CVE-2005-0575 EXPLOITDB c WORKING POC
Stormy Studios Knet - Buffer Overflow
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
CVE-2005-1013 EXPLOITDB perl WORKING POC
MailEnable <1.04 - DoS
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
CVE-2006-5850 EXPLOITDB perl WORKING POC
Essentia Web Server - Buffer Overflow
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
EIP-2026-114557 EXPLOITDB php WORKING POC
YVS Image Gallery - SQL Injection
CVE-2007-1291 EXPLOITDB text WRITEUP
TygerBT 1.1.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
EIP-2026-112725 EXPLOITDB text WRITEUP
Tkai's Shoutbox - 'Query' Open Redirection
CVE-2006-6778 EXPLOITDB text WORKING POC
TimberWolf 1.2.2 - XSS
Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
CVE-2007-1289 EXPLOITDB text WRITEUP
TygerBT 1.1.3 - SQL Injection
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
EIP-2026-111949 EXPLOITDB text WORKING POC
Scriptme SmE 1.21 - File Mailer Login SQL Injection
CVE-2007-2532 EXPLOITDB text WRITEUP
Minh Nguyen Duong Obie Website Mini Web Shop 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
CVE-2007-0353 EXPLOITDB text WRITEUP
Mywebland Mybloggie - XSS
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
CVE-2005-1500 EXPLOITDB perl WORKING POC
myBloggie 2.1.1- - SQL Injection
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2006-6887 EXPLOITDB text WRITEUP
UNU 1.0 - RCE
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3199 EXPLOITDB text WORKING POC
American Financing Link Request Conta... - Unrestricted File Upload
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
CVE-2012-4926 EXPLOITDB text WORKING POC
Img Pals Photo Host 1.0 - RCE
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
EIP-2026-107440 EXPLOITDB text WRITEUP
GMTT Music Distro 1.2 - 'ShowOwn.php' Cross-Site Scripting
EIP-2026-106428 EXPLOITDB text WORKING POC
Dev Web Manager System 1.5 - 'index.php' Cross-Site Scripting