ZoRLu

253 exploits, active since Feb 2007
EIP-2026-105048 EXPLOITDB text WORKING POC
Aj Classifieds Real Estate 3.0 - Arbitrary File Upload
EIP-2026-105047 EXPLOITDB text WORKING POC
Aj Classifieds Personals 3.0 - Arbitrary File Upload
EIP-2026-105046 EXPLOITDB text WORKING POC
Aj Classifieds For Sale 3.0 - Arbitrary File Upload
CVE-2008-6543 EXPLOITDB text WRITEUP
Comscripts Quick Classifieds - Code Injection
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3, (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc.
CVE-2008-1983 EXPLOITDB text WRITEUP
Advanced Electron Forum 1.0.6 - XSS
Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.
CVE-2008-2412 EXPLOITDB text WRITEUP
Acgv.free Acgv News - SQL Injection
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2413 EXPLOITDB text WORKING POC
Acgv.free Acgv News - XSS
Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-7141 EXPLOITDB text WORKING POC
Alexphpteam @lex Poll - XSS
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7140 EXPLOITDB text WRITEUP
Alexguestbook @lex Guestbook < 4.0.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has reported that the test parameter is not used in @lex Guestbook.
CVE-2008-7140 EXPLOITDB text WRITEUP
Alexguestbook @lex Guestbook < 4.0.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has reported that the test parameter is not used in @lex Guestbook.
CVE-2009-2640 EXPLOITDB text WORKING POC
Interlogy Profile Manager Basic - SQL Injection
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
EIP-2026-100333 EXPLOITDB text WORKING POC
FunkyASP AD System 1.1 - Arbitrary File Upload
CVE-2010-4856 EXPLOITDB python WORKING POC
xWeblog 2.2 - SQL Injection
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
CVE-2009-4760 EXPLOITDB perl WORKING POC
Winn ASP Guestbook 1.01 Beta - Info Disclosure
Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb.
EIP-2026-100539 EXPLOITDB text WORKING POC
SAS Hotel Management System - Arbitrary File Upload
CVE-2008-5571 EXPLOITDB text WORKING POC
Professional Download Assistant 0.1 - SQL Injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
CVE-2008-5571 EXPLOITDB text WRITEUP
Professional Download Assistant 0.1 - SQL Injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
EIP-2026-100469 EXPLOITDB python WORKING POC
Onlineon E-Ticaret - Database Disclosure
CVE-2008-6871 EXPLOITDB text WRITEUP
Merlix Educate Server - Access Control
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
CVE-2008-5608 EXPLOITDB text WRITEUP
ASP AutoDealer - Info Disclosure
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
EIP-2026-100004 EXPLOITDB python WORKING POC
PHP Hosting Directory 2.0 - Database Disclosure
CVE-2014-9349 EXPLOITDB text WORKING POC
RobotStats 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
EIP-2026-100198 EXPLOITDB python WORKING POC
Cilem Haber 1.4.4 (Tr) - Database Disclosure
EIP-2026-100166 EXPLOITDB python WORKING POC
Bka Haber 1.0 (Tr) - File Disclosure
CVE-2008-5603 EXPLOITDB text WRITEUP
ASPTicker 1.0 - Info Disclosure
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.