Or4nG.M4N

15 exploits Active since Oct 2012
CVE-2023-38965 EXPLOITDB CRITICAL python WORKING POC
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
CVSS 9.8
EIP-2026-113060 EXPLOITDB html WORKING POC
ViArt Shop 4.0.5 - Cross-Site Request Forgery
CVE-2012-6500 EXPLOITDB text WORKING POC
Pragyan Cms < 3.0 - Path Traversal
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
EIP-2026-111416 EXPLOITDB text WRITEUP
Portix-CMS 1.5.0. rc5 - Local File Inclusion
EIP-2026-111350 EXPLOITDB html WORKING POC
Plogger Gallery 1.0 - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-111063 EXPLOITDB html WORKING POC
PHPGallery 1.1.0 - Cross-Site Request Forgery
EIP-2026-111036 EXPLOITDB text WRITEUP
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
EIP-2026-110751 EXPLOITDB text WORKING POC
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
CVE-2012-5315 EXPLOITDB perl WORKING POC
php iReport 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
EIP-2026-110062 EXPLOITDB text WORKING POC
Online Book Store 1.0 - Arbitrary File Upload
EIP-2026-109633 EXPLOITDB python WORKING POC
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
CVE-2012-5231 EXPLOITDB text WORKING POC
miniCMS 1.0-2.0 - RCE
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
CVE-2011-4095 EXPLOITDB MEDIUM text WRITEUP
Jara 1.6 - XSS
Jara 1.6 has an XSS vulnerability
CVSS 6.1
CVE-2012-5326 EXPLOITDB perl WORKING POC
IDevSpot iSupport <1 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
EIP-2026-104843 EXPLOITDB perl WORKING POC
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection