Cyber-Zone

58 exploits Active since May 2005
CVE-2009-1746 EXPLOITDB text WORKING POC
Dian Gemilang DGNews 3.0 Beta - SQL Injection via berita.php id Parameter
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
EIP-2026-106005 EXPLOITDB text WORKING POC
CMS-School 2005 - 'showarticle.php' SQL Injection
CVE-2009-1609 EXPLOITDB text WRITEUP
Battle Blog 1.25 - Unauthenticated Arbitrary File Upload via admin/uploadform.asp
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-6380 EXPLOITDB text WRITEUP
Active Web Helpdesk 2.0 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
EIP-2026-100094 EXPLOITDB text WORKING POC
Active Web Helpdesk 2 - Authentication Bypass
CVE-2008-6356 EXPLOITDB text WRITEUP
evcal_events_calendar - Unauthenticated Sensitive Information Exposure via Direct Database Request
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
EIP-2026-100250 EXPLOITDB text WORKING POC
dMx READ - Remote Database Disclosure
CVE-2008-6580 EXPLOITDB text WRITEUP
Red_Reservations - Unauthenticated Sensitive Information Exposure via Direct Database File Access
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.