Cyber-Zone

58 exploits | Active since May 2005
CVE-2009-2568 EXPLOITDB perl WORKING POC
Sorinara SAP 0.9 - RCE
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Mini-stream Easy RM TO Mp3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Mini-stream Easy RM TO Mp3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Mini-stream Easy RM TO Mp3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2009-3717 EXPLOITDB perl WORKING POC
Lucvil Patplayer - Memory Corruption
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Mini-stream Easy RM TO Mp3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2009-1351 EXPLOITDB perl WORKING POC
Heikki Ylinen Apollo - Memory Corruption
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2008-5784 EXPLOITDB CRITICAL text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVSS 9.8
EIP-2026-113210 EXPLOITDB text WORKING POC
Web Calendar 4.1 - Authentication Bypass
CVE-2008-5292 EXPLOITDB text WRITEUP
VideoGirls BiZ - SQL Injection
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2008-6795 EXPLOITDB text WORKING POC
Niclor Vibro-school-cms - SQL Injection
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway Filestream - Authentication Bypass
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway Livehelp - Authentication Bypass
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway Linktracker - Authentication Bypass
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2008-6488 EXPLOITDB text WRITEUP
Softcomplex Php Image Gallery - SQL Injection
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
CVE-2008-6387 EXPLOITDB text WRITEUP
Activewebsoftwares Quick Tree View .net - Information Disclosure
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
CVE-2008-6796 EXPLOITDB text WRITEUP
Preprojects Pre Real Estate Listings - SQL Injection
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
EIP-2026-110709 EXPLOITDB text WORKING POC
PHP JOBWEBSITE PRO - Authentication Bypass
CVE-2008-6285 EXPLOITDB text WORKING POC
Businessvein Php TV Portal < 2.0 - SQL Injection
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2009-1587 EXPLOITDB text WORKING POC
Kalptarudemos Php Site Lock - Authentication Bypass
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2008-6390 EXPLOITDB text WORKING POC
Ocean12tech Membership Manager Pro - SQL Injection
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5047 EXPLOITDB text WRITEUP
Mole Group Rental Script - SQL Injection
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-109549 EXPLOITDB text WORKING POC
Mole Group Airline Ticket Script - Authentication Bypass
EIP-2026-107190 EXPLOITDB text WORKING POC
form2list - 'page.php?id' SQL Injection
CVE-2008-6917 EXPLOITDB text WRITEUP
Exoscripts Exophpdesk - SQL Injection
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).