ZoRLu Bugrahan

6 exploits Active since Nov 2014
CVE-2014-9448 EXPLOITDB perl WORKING POC
Mini-stream RM-MP3 Converter <3.1.2.1.2010.03.30 - Buffer Overflow
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
CVE-2014-8953 EXPLOITDB text WORKING POC
Php Scriptlerim Who's Who - Cross-Site Request Forgery via Admin Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
CVE-2014-9348 EXPLOITDB text WORKING POC
RobotStats 1.0 - SQL Injection via Robot Parameter
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
CVE-2014-8995 EXPLOITDB text WORKING POC
Maarch LetterBox 2.8 - SQL Injection
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
EIP-2026-107122 EXPLOITDB perl WORKING POC
Flat Calendar 1.1 - HTML Injection
CVE-2014-9349 EXPLOITDB text WORKING POC
RobotStats 1.0 - Cross-Site Scripting via nom or user_agent Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.