Pouya_Server

73 exploits, active since Feb 2008
EIP-2026-100544 EXPLOITDB text WRITEUP
Shop Creator 4.0 - SQL Injection
CVE-2008-6888 EXPLOITDB text WORKING POC
Preprojects Pre Classified Listings - XSS
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
CVE-2008-6887 EXPLOITDB text WRITEUP
Preprojects Pre Classified Listings - SQL Injection
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
CVE-2008-6847 EXPLOITDB text WORKING POC
Preproject Pre Asp Job Board - XSS
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
EIP-2026-100491 EXPLOITDB text WRITEUP
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
CVE-2009-0429 EXPLOITDB text WRITEUP
Active Bids - SQL Injection
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
EIP-2026-100275 EXPLOITDB text WORKING POC
Dorsa CMS - 'Default_.aspx' Cross-Site Scripting
CVE-2008-5886 EXPLOITDB text WRITEUP
TAKempis Discussion Web 4.0 - Info Disclosure
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-6500 EXPLOITDB text WORKING POC
Codetoad Asp Shopping Cart Script - XSS
Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2008-5896 EXPLOITDB text WRITEUP
CodeAvalanche RateMySite - Info Disclosure
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5897 EXPLOITDB text WRITEUP
CodeAvalanche FreeWallpaper - Info Disclosure
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5899 EXPLOITDB text WRITEUP
CodeAvalanche FreeForAll - Info Disclosure
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5898 EXPLOITDB text WRITEUP
CodeAvalanche Directory - Info Disclosure
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5900 EXPLOITDB text WRITEUP
CodeAvalanche Articles - Info Disclosure
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-0339 EXPLOITDB text WRITEUP
DMXReady Blog Manager - SQL Injection
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
CVE-2009-0338 EXPLOITDB text WORKING POC
DMXReady Blog Manager - XSS
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
CVE-2008-5885 EXPLOITDB text WRITEUP
Net Guys ASPired2Quote - Info Disclosure
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5923 EXPLOITDB text WRITEUP
ASP-DEv XM Events Diary - SQL Injection
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-5926 EXPLOITDB text WORKING POC
ASP-DEv Internal E-Mail System - SQL Injection
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
CVE-2008-6890 EXPLOITDB text WRITEUP
Codetoad Asp Forum Script - SQL Injection
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
CVE-2008-6891 EXPLOITDB text WORKING POC
Codetoad Asp Forum Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
CVE-2009-0430 EXPLOITDB text WORKING POC
Active Bids - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.