Cyber-Zone

58 exploits, active since May 2005
CVE-2009-2568 EXPLOITDB perl WORKING POC
Sorinara Streaming Audio Player 0.9 - Remote Code Execution via Long String in Playlist File
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2009-3717 EXPLOITDB perl WORKING POC
LucVil PatPlayer 3.9 - Heap-Based Buffer Overflow via Long URI in Playlist File
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1351 EXPLOITDB perl WORKING POC
Apollo 37zz - Heap-Based Buffer Overflow via Long URI in Playlist File
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2008-5784 EXPLOITDB CRITICAL text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVSS 9.8
EIP-2026-113210 EXPLOITDB text WORKING POC
Web Calendar 4.1 - Authentication Bypass
CVE-2008-5292 EXPLOITDB text WRITEUP
VideoGirls BiZ - SQL Injection via view_snaps.php type Parameter
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2008-6795 EXPLOITDB text WORKING POC
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2008-6488 EXPLOITDB text WRITEUP
SoftComplex PHP Image Gallery 1.0 - SQL Injection via Admin Field in Login Action
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
CVE-2008-6387 EXPLOITDB text WRITEUP
Quick Tree View .NET 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
CVE-2008-6796 EXPLOITDB text WRITEUP
Pre Real Estate Listings - SQL Injection via Username Parameter
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
EIP-2026-110709 EXPLOITDB text WORKING POC
PHP JOBWEBSITE PRO - Authentication Bypass
CVE-2008-6285 EXPLOITDB text WORKING POC
PHP TV Portal < 2.0 - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2009-1587 EXPLOITDB text WORKING POC
PHP Site Lock 2.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2008-6390 EXPLOITDB text WORKING POC
Membership Manager Pro - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5047 EXPLOITDB text WRITEUP
Mole Group Rental Script - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-109549 EXPLOITDB text WORKING POC
Mole Group Airline Ticket Script - Authentication Bypass
EIP-2026-107190 EXPLOITDB text WORKING POC
form2list - 'page.php?id' SQL Injection
CVE-2008-6917 EXPLOITDB text WRITEUP
ExoPHPDesk 1.2 Final - SQL Injection via Username Parameter
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).