SuB-ZeRo

16 exploits Active since Sep 2008
CVE-2008-3952 EXPLOITDB text WORKING POC
EsFaq 2.0 - SQL Injection
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
CVE-2009-1352 EXPLOITDB html WORKING POC
Dawningsoft Powerchm - Memory Corruption
Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway Livehelp - Authentication Bypass
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 EXPLOITDB text WORKING POC
Teraway Linktracker - Authentication Bypass
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway Filestream - Authentication Bypass
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-0598 EXPLOITDB text WORKING POC
PhpMesFilms <1.8 - SQL Injection
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1587 EXPLOITDB text WORKING POC
Kalptarudemos Php Site Lock - Authentication Bypass
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2008-6892 EXPLOITDB text WORKING POC
Peel - SQL Injection
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
EIP-2026-110817 EXPLOITDB text WORKING POC
PHP-Fusion Mod Book Panel - 'course_id' SQL Injection
CVE-2008-5561 EXPLOITDB text WORKING POC
Netref 4.0 - SQL Injection
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
CVE-2008-6016 EXPLOITDB text WORKING POC
EsFaq 2.0 - SQL Injection
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-106726 EXPLOITDB text WORKING POC
Easynet4u Forum Host - 'forum.php' SQL Injection
EIP-2026-106725 EXPLOITDB text WORKING POC
Easynet4u faq Host - 'faq.php' SQL Injection
EIP-2026-105905 EXPLOITDB text WORKING POC
Click&Email - Authentication Bypass
CVE-2008-6156 EXPLOITDB text WORKING POC
Formfields Adman - SQL Injection
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
EIP-2026-100114 EXPLOITDB text WORKING POC
ASP ActionCalendar 1.3 - Authentication Bypass