Liz0ziM

15 exploits Active since Mar 2006
CVE-2008-3211 EXPLOITDB php WORKING POC
Scripteen Free Image Hosting Script <1.2.1 - Auth Bypass
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
CVE-2006-1701 EXPLOITDB text WORKING POC
Shadowed Portal < 5.7d2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.
CVE-2008-3212 EXPLOITDB php WORKING POC
Scripteen Free Image Hosting Script 1.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6082 EXPLOITDB php WORKING POC
Sciurus Hosting Panel - Code Injection
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
CVE-2006-1008 EXPLOITDB text WRITEUP
N8cms 1.1-1.2 - Cross-Site Scripting via dir, page_id, and userid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
CVE-2006-1008 EXPLOITDB text WRITEUP
N8cms 1.1-1.2 - Cross-Site Scripting via dir, page_id, and userid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
CVE-2006-1007 EXPLOITDB text WRITEUP
N8cms 1.1 and 1.2 - SQL Injection via dir and page_id Parameters
Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php.
CVE-2006-3158 EXPLOITDB text WRITEUP
eduha_meeting - Remote Code Execution via Unrestricted File Upload
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
CVE-2007-1906 EXPLOITDB perl WORKING POC
eCardMAX HotEditor 4.0 - Local File Inclusion via richedit/keyboard.php Parameter
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
CVE-2006-1071 EXPLOITDB text WORKING POC
dvguestbook 1.2.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-1070 EXPLOITDB text WORKING POC
dvguestbook 1.0 - Cross-Site Scripting via f Parameter
Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
EIP-2026-105917 EXPLOITDB text WORKING POC
Cline Communications - Multiple SQL Injections
CVE-2006-5765 EXPLOITDB text WORKING POC
article_script <= 1.6.3 - SQL Injection via RSS Category Parameter
SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2007-6414 EXPLOITDB php WORKING POC
Adult Script <1.6 - Auth Bypass
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
CVE-2006-1697 EXPLOITDB text WRITEUP
matt_wright_guestbook < 2.3.1 - Cross-Site Scripting via Your Name, E-Mail, or Comments Fields
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.