MizoZ

14 exploits Active since Aug 2006
CVE-2009-3224 EXPLOITDB text WRITEUP
Super Mod System - SQL Injection via s Parameter
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2009-2790 EXPLOITDB text WRITEUP
SoftBiz Dating Script - SQL Injection
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
EIP-2026-111398 EXPLOITDB text WORKING POC
Pollen CMS 0.6 - 'index.php?p' Paramete' Local File Disclosure
CVE-2009-4221 EXPLOITDB text WORKING POC
phpBazar < 2.1.1fix - SQL Injection via Classified.php catid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
CVE-2009-2775 EXPLOITDB text WRITEUP
PHPArcadeScript 4.0 - SQL Injection
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4724 EXPLOITDB text WORKING POC
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-4991 EXPLOITDB text WRITEUP
Omnistar Recruiting - Cross-Site Scripting via job2 Parameter
Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.
EIP-2026-107888 EXPLOITDB text WRITEUP
Interspire FastFind - 'index.php' Cross-Site Scripting
CVE-2009-3712 EXPLOITDB text WORKING POC
Ebay Clone 2009 - SQL Injection via user_id or item_id Parameter
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
EIP-2026-106634 EXPLOITDB text WRITEUP
E-PHP B2B Marketplace - Multiple Vulnerabilities
CVE-2009-3535 EXPLOITDB text WORKING POC
Clear Content 1.1 - Path Traversal via Image.php URL Parameter
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
CVE-2009-4056 EXPLOITDB text WORKING POC
Betsy CMS 3.5 - Path Traversal via Admin Popup Parameter
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter.
EIP-2026-105457 EXPLOITDB text WRITEUP
Betsy 4.0 - 'page' Local File Inclusion
CVE-2006-4206 EXPLOITDB text WRITEUP
ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode - Cross-Site Scripting via calendarID Parameter
Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.