Yashar shahinzadeh

16 exploits Active since Dec 2010
CVE-2013-5316 EXPLOITDB text WORKING POC
RiteCMS 1.0.0 - Cross-Site Request Forgery via Administrator Password Change
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
CVE-2013-4949 EXPLOITDB text WORKING POC
Machform 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via view.php
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
CVE-2013-4948 EXPLOITDB text WORKING POC
Machform 2 - SQL Injection via element_2 Parameter
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
CVE-2010-4513 EXPLOITDB text WORKING POC
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
EIP-2026-114115 EXPLOITDB text WRITEUP
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
EIP-2026-112793 EXPLOITDB text WORKING POC
Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)
EIP-2026-112395 EXPLOITDB text WORKING POC
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
CVE-2013-5317 EXPLOITDB text WORKING POC
RiteCMS 1.0.0 - Authenticated Cross-Site Scripting via Mode Parameter
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
EIP-2026-111355 EXPLOITDB text WORKING POC
Pluck CMS 4.7 - HTML Code Injection
EIP-2026-110231 EXPLOITDB text WORKING POC
Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities
EIP-2026-109561 EXPLOITDB text WRITEUP
Monkey CMS - Multiple Vulnerabilities
CVE-2013-4950 EXPLOITDB text WORKING POC
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
EIP-2026-109233 EXPLOITDB text WORKING POC
Mac's CMS 1.1.4 - Multiple Vulnerabilities
EIP-2026-109150 EXPLOITDB php WORKING POC
Limonade Framework - 'limonade.php' Local File Disclosure
EIP-2026-105467 EXPLOITDB html WORKING POC
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
EIP-2026-105207 EXPLOITDB text WORKING POC
appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities