Pouya_Server

73 exploits, active since Feb 2008
CVE-2009-0248 EXPLOITDB text WORKING POC
Katy Whitton RankEm - Cross-Site Scripting via siteID Parameter
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
CVE-2009-0336 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-0335 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - Cross-Site Scripting via Index.asp View Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
CVE-2009-0334 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
CVE-2009-0760 EXPLOITDB text WORKING POC
Team Board 1.x and 2.x - Unauthenticated Sensitive Information Exposure via Direct Database Access
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
CVE-2008-6369 EXPLOITDB text WORKING POC
Ocean12 Contact Manager Pro 1.02 - SQL Injection via Sort Parameter
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
CVE-2008-5127 EXPLOITDB text WORKING POC
Ocean12 Contact Manager Pro 1.02 - Unprotected Sensitive Information Exposure via Direct Request
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
CVE-2008-5979 EXPLOITDB text WORKING POC
Ocean12 Mailing List Manager Gold - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
CVE-2008-5978 EXPLOITDB text WORKING POC
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
CVE-2008-5930 EXPLOITDB text WRITEUP
The Net Guys ASPired2Blog - SQL Injection
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
CVE-2008-6386 EXPLOITDB text WRITEUP
Z1Exchange 1.0 - Cross-Site Scripting via showads.php id Parameter
Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-6392 EXPLOITDB text WRITEUP
Z1Exchange - SQL Injection via showads.php id Parameter
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6495 EXPLOITDB text WORKING POC
yappa-ng 2.3.2 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2008-6515 EXPLOITDB text WORKING POC
yappa-ng - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2008-0753 EXPLOITDB text WRITEUP
Virtual War 1.5 - SQL Injection via Calendar Month Parameter
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
EIP-2026-113053 EXPLOITDB text WORKING POC
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113171 EXPLOITDB text WRITEUP
w3bcms - '/admin/index.php' SQL Injection
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2009-0249 EXPLOITDB text WORKING POC
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
CVE-2008-6385 EXPLOITDB text WORKING POC
W3matter RevSense 1.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.