Cyber-Zone

58 exploits, active since May 2005
CVE-2009-1746 EXPLOITDB text WORKING POC
Diangemilang Dgnews - SQL Injection
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
EIP-2026-106005 EXPLOITDB text WORKING POC
CMS-School 2005 - 'showarticle.php' SQL Injection
CVE-2009-1609 EXPLOITDB text WRITEUP
Battleblog Battle Blog - Improper Input Validation
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-6380 EXPLOITDB text WRITEUP
Activewebsoftwares Active Web Helpdesk - SQL Injection
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
EIP-2026-100094 EXPLOITDB text WORKING POC
Active Web Helpdesk 2 - Authentication Bypass
CVE-2008-6356 EXPLOITDB text WRITEUP
Donnafontenot Evcal Events Calendar - Access Control
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
EIP-2026-100250 EXPLOITDB text WORKING POC
dMx READ - Remote Database Disclosure
CVE-2008-6580 EXPLOITDB text WRITEUP
Funscripts Red Reservations - Access Control
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.