SuB-ZeRo

16 exploits Active since Sep 2008
CVE-2008-3952 EXPLOITDB text WORKING POC
EsFaq 2.0 - SQL Injection via idcat Parameter
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
CVE-2009-1352 EXPLOITDB html WORKING POC
Dawningsoft PowerCHM 5.7 - Stack-Based Buffer Overflow via Long URL in HTML Link
Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-0598 EXPLOITDB text WORKING POC
PhpMesFilms 1.0 and 1.8 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1587 EXPLOITDB text WORKING POC
PHP Site Lock 2.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2008-6892 EXPLOITDB text WORKING POC
Peel 3.1 - SQL Injection via rubid Parameter
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
EIP-2026-110817 EXPLOITDB text WORKING POC
PHP-Fusion Mod Book Panel - 'course_id' SQL Injection
CVE-2008-5561 EXPLOITDB text WORKING POC
Netref 4.0 - SQL Injection via id Parameter
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
CVE-2008-6016 EXPLOITDB text WORKING POC
EsFaq 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106726 EXPLOITDB text WORKING POC
Easynet4u Forum Host - 'forum.php' SQL Injection
EIP-2026-106725 EXPLOITDB text WORKING POC
Easynet4u faq Host - 'faq.php' SQL Injection
EIP-2026-105905 EXPLOITDB text WORKING POC
Click&Email - Authentication Bypass
CVE-2008-6156 EXPLOITDB text WORKING POC
AdMan 1.1.20070907 - Authenticated SQL Injection via editCampaign.php campaignId Parameter
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
EIP-2026-100114 EXPLOITDB text WORKING POC
ASP ActionCalendar 1.3 - Authentication Bypass