Pouya_Server

73 exploits, active since Feb 2008
CVE-2009-0249 EXPLOITDB text WORKING POC
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
CVE-2008-5976 EXPLOITDB text WRITEUP
PHP JOBWEBSITE PRO - XSS
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
CVE-2008-5977 EXPLOITDB text WRITEUP
PHP JOBWEBSITE PRO - SQL Injection
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
CVE-2008-6370 EXPLOITDB text WORKING POC
Ocean12tech Contact Manager Pro - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
EIP-2026-110395 EXPLOITDB text INFO LEAK
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
EIP-2026-110011 EXPLOITDB text WRITEUP
Ocean12 Poll Manager Pro - Database Disclosure
EIP-2026-110010 EXPLOITDB text WRITEUP
Ocean12 Membership Manager Pro - Database Disclosure
CVE-2008-5980 EXPLOITDB text WORKING POC
Ocean12 Mailing List Manager Gold - Info Disclosure
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
EIP-2026-110009 EXPLOITDB text WRITEUP
Ocean12 Calendar Manager Gold - Database Disclosure
CVE-2008-6785 EXPLOITDB text WORKING POC
Galaxyscripts Mini File Host - Code Injection
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.
EIP-2026-109333 EXPLOITDB text WRITEUP
Masir Camp 3.0 - 'SearchKeywords' SQL Injection
EIP-2026-106899 EXPLOITDB python WORKING POC
EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure
EIP-2026-106116 EXPLOITDB text WORKING POC
COms - 'dynamic.php' Cross-Site Scripting
EIP-2026-105405 EXPLOITDB text WORKING POC
Basic-CMS - 'q' Cross-Site Scripting
CVE-2009-0337 EXPLOITDB text WORKING POC
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-105165 EXPLOITDB text WORKING POC
Amoot Web Directory - Password Field SQL Injection
CVE-2008-6891 EXPLOITDB text WRITEUP
Codetoad Asp Forum Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
EIP-2026-100819 EXPLOITDB text INFO LEAK
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
EIP-2026-100818 EXPLOITDB text SUSPICIOUS
i-dreams GB Server - 'admin.dat' File Disclosure
EIP-2026-100817 EXPLOITDB text INFO LEAK
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
EIP-2026-100473 EXPLOITDB text WORKING POC
ParsBlogger - 'blog.asp' Cross-Site Scripting
CVE-2008-6391 EXPLOITDB text WRITEUP
Nexusjnr Jbook - SQL Injection
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
CVE-2009-0431 EXPLOITDB text WRITEUP
LinksPro Standard Edition - SQL Injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
CVE-2008-5931 EXPLOITDB text WRITEUP
Net Guys ASPired2Blog - Info Disclosure
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-0761 EXPLOITDB text WORKING POC
Team Board 1.x - XSS
Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.