ViRuSMaN

36 exploits Active since Jan 2008
CVE-2010-0680 EXPLOITDB text WORKING POC
Zeuscms - Path Traversal
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
EIP-2026-119400 EXPLOITDB text SUSPICIOUS
Maxs AJAX File Uploader - Arbitrary File Upload
CVE-2010-0681 EXPLOITDB text WORKING POC
Zeuscms - Access Control
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.
EIP-2026-114427 EXPLOITDB text WORKING POC
Xforum 1.4 - 'nbpageliste' Cross-Site Scripting
EIP-2026-114368 EXPLOITDB text WORKING POC
WorkSimple 1.3.2 - Multiple Vulnerabilities
CVE-2010-1077 EXPLOITDB text WORKING POC
Crawlability vBSEO <3.1.0 - Path Traversal
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
CVE-2010-0707 EXPLOITDB html WORKING POC
Employee Timeclock Software 0.99 - CSRF
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.
EIP-2026-112794 EXPLOITDB text WORKING POC
Triburom - 'forum.php' Cross-Site Scripting
EIP-2026-112792 EXPLOITDB text WRITEUP
Tribisur - 'cat' Cross-Site Scripting
EIP-2026-111646 EXPLOITDB text WRITEUP
QuickDev 4 PHP - Database Disclosure
EIP-2026-111004 EXPLOITDB text WORKING POC
phpBugTracker 1.0.1 - File Disclosure
EIP-2026-110281 EXPLOITDB text WORKING POC
OpenDb 1.5.0.4 - Multiple Local File Inclusions
EIP-2026-109898 EXPLOITDB text WRITEUP
Netzbrett - Database Disclosure
EIP-2026-109922 EXPLOITDB text WRITEUP
NewsLetter Tailor - Database Backup Dump
EIP-2026-109921 EXPLOITDB text WORKING POC
NewsLetter Tailor - Authentication Bypass
EIP-2026-109778 EXPLOITDB text WRITEUP
myPHP Guestbook 2.0.4 - Database Backup Dump
CVE-2010-0374 EXPLOITDB text WRITEUP
Codingfish Com Marketplace - XSS
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
CVE-2009-4583 EXPLOITDB text WORKING POC
Joomla! - SQL Injection
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
EIP-2026-108484 EXPLOITDB text WRITEUP
Joomla! Component com_pinboard - Arbitrary File Upload
EIP-2026-107126 EXPLOITDB text WRITEUP
FlatFile Login System - Remote Password Disclosure
EIP-2026-106453 EXPLOITDB text WORKING POC
DigitalHive - 'mt' Cross-Site Scripting
EIP-2026-103347 EXPLOITDB text WORKING POC
[WS] upload - Arbitrary File Upload
EIP-2026-103301 EXPLOITDB text WORKING POC
NAS Uploader 1.0/1.5 - Arbitrary File Upload
EIP-2026-103299 EXPLOITDB text SUSPICIOUS
myPHPupload 0.5.1 - Arbitrary File Upload
CVE-2008-1985 EXPLOITDB text WRITEUP
DigitalHive 2.0 RC2 - XSS
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.