Pouya_Server

73 exploits Active since Feb 2008
CVE-2009-0248 EXPLOITDB text WORKING POC
Katy Whitton RankEm - XSS
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
CVE-2009-0336 EXPLOITDB text WORKING POC
BlogIt! - Info Disclosure
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-0335 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - XSS
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
CVE-2009-0334 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
CVE-2009-0760 EXPLOITDB text WORKING POC
Team Board <2.x - Info Disclosure
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
CVE-2008-6369 EXPLOITDB text WORKING POC
Ocean12tech Contact Manager Pro - SQL Injection
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
CVE-2008-5127 EXPLOITDB text WORKING POC
Ocean12 Technologies Contact Manager - Access Control
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
CVE-2008-5979 EXPLOITDB text WORKING POC
Ocean12 Mailing List Manager Gold - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
CVE-2008-5978 EXPLOITDB text WORKING POC
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
CVE-2008-5930 EXPLOITDB text WRITEUP
The Net Guys ASPired2Blog - SQL Injection
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
CVE-2008-6386 EXPLOITDB text WRITEUP
1scripts Z1exchange - XSS
Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-6392 EXPLOITDB text WRITEUP
1scripts Z1exchange - SQL Injection
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6495 EXPLOITDB text WORKING POC
Zirkon BOX Yappa-ng - XSS
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2008-6515 EXPLOITDB text WORKING POC
Vclcomponents Yappa-ng - XSS
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2008-0753 EXPLOITDB text WRITEUP
Vwar Virtual War - SQL Injection
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
EIP-2026-113053 EXPLOITDB text WORKING POC
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113171 EXPLOITDB text WRITEUP
w3bcms - '/admin/index.php' SQL Injection
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2008-6325 EXPLOITDB text WORKING POC
Softbizscripts Classifieds Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2009-0249 EXPLOITDB text WORKING POC
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
CVE-2008-6385 EXPLOITDB text WORKING POC
W3matter Revsense - XSS
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.