Milos Zivanovic

30 exploits Active since Jan 2007
CVE-2009-4907 EXPLOITDB WRITEUP
oBlog - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.
CVE-2009-4364 EXPLOITDB WORKING POC
ScriptsEz Ez Blog - Cross-Site Scripting via cname Parameter
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4365 EXPLOITDB WORKING POC
ScriptsEz Ez Blog 1.0 - Cross-Site Request Forgery in admin.php
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.
CVE-2009-4364 EXPLOITDB WORKING POC
ScriptsEz Ez Blog - Cross-Site Scripting via cname Parameter
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4365 EXPLOITDB WORKING POC
ScriptsEz Ez Blog 1.0 - Cross-Site Request Forgery in admin.php
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.
CVE-2009-4384 EXPLOITDB text WORKING POC
Scriptsez Ez Poll Hoster - Cross-Site Scripting via pid or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
CVE-2007-0518 EXPLOITDB text WRITEUP
Scriptsez Smart PHP Subscriber - Info Disclosure
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
EIP-2026-111957 EXPLOITDB text WRITEUP
Scriptsez Ez FAQ Maker 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-111720 EXPLOITDB text WORKING POC
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
CVE-2009-4908 EXPLOITDB text WRITEUP
oBlog - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.
CVE-2009-4826 EXPLOITDB text WORKING POC
ScriptsEz Mini Hosting Panel - Cross-Site Request Forgery via Admin Panel Action
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
EIP-2026-109050 EXPLOITDB text WORKING POC
KubeLance 1.7.6 - Cross-Site Request Forgery (Add Admin)
EIP-2026-109043 EXPLOITDB text WRITEUP
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-107258 EXPLOITDB text WORKING POC
Frog CMS 0.9.5 - Cross-Site Request Forgery
EIP-2026-106999 EXPLOITDB text WRITEUP
Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106742 EXPLOITDB text WORKING POC
eazyPortal 1.0.0 - Multiple Vulnerabilities
EIP-2026-106924 EXPLOITDB text WORKING POC
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
CVE-2009-4366 EXPLOITDB text WORKING POC
ScriptsEz Ez Blog 1.0 - Cross-Site Scripting via yr Parameter in bmonth Action
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
CVE-2009-4366 EXPLOITDB text WORKING POC
ScriptsEz Ez Blog 1.0 - Cross-Site Scripting via yr Parameter in bmonth Action
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
EIP-2026-106996 EXPLOITDB text WORKING POC
Ez Faq Maker - Multiple Vulnerabilities
EIP-2026-106997 EXPLOITDB text WORKING POC
Ez Guestbook 1.0 - Multiple Vulnerabilities
EIP-2026-106998 EXPLOITDB text WORKING POC
Ez News Manager / Pro - Cross-Site Request Forgery (Change Admin Password)
CVE-2009-4385 EXPLOITDB text WORKING POC
Scriptsez.net Ez Poll Hoster - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
EIP-2026-106240 EXPLOITDB text WORKING POC
Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
EIP-2026-105835 EXPLOITDB text WORKING POC
Chipmunk NewsLetter - Cross-Site Request Forgery