ZoRLu

253 exploits Active since Feb 2007
EIP-2026-114593 EXPLOITDB text WORKING POC
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
CVE-2008-6913 EXPLOITDB text WORKING POC
Zeeways ZEEJOBSITE 2.0 - Authenticated Arbitrary File Upload via Profile Photo
Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/.
CVE-2008-6915 EXPLOITDB text WORKING POC
Zeeproperty 1.0 - Cross-Site Scripting via propid Parameter
Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.
CVE-2008-6964 EXPLOITDB text WORKING POC
X7 Chat 2.0.5 - SQL Injection via Login Password Field
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
EIP-2026-114397 EXPLOITDB text WRITEUP
WyMIEN PHP 1.0 - 'index.php' Cross-Site Scripting
CVE-2014-8953 EXPLOITDB text WORKING POC
Php Scriptlerim Who's Who - Cross-Site Request Forgery via Admin Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6545 EXPLOITDB text WORKING POC
Web Server Creator Web Portal 0.1 - Remote Code Execution via langfile Parameter
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4461 EXPLOITDB text WORKING POC
Vastal I-Tech Dating Zone - SQL Injection via fage Parameter
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1466 EXPLOITDB text WRITEUP
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6205 EXPLOITDB text WORKING POC
URLStreet 1.0 - Cross-Site Scripting via Language, Order, or Filter Parameters
Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6804 EXPLOITDB text WORKING POC
Tribiq CMS 5.0.9a beta - Unauthenticated Authentication Bypass via Cookie Manipulation
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue
CVE-2008-2508 EXPLOITDB text WRITEUP
tr_script_news 2.1 - Cross-Site Scripting via nb Parameter
Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
CVE-2008-5487 EXPLOITDB text WORKING POC
TurnkeyForms Text Link Sales - Cross-Site Scripting via admin.php id Parameter
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4720 EXPLOITDB text WORKING POC
The Gemini Portal 4.7 - Remote Code Execution via Lang Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php.
CVE-2009-1618 EXPLOITDB text WORKING POC
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
EIP-2026-112726 EXPLOITDB text WORKING POC
TLM CMS 1.1 - 'index.php' Multiple SQL Injections
CVE-2009-1619 EXPLOITDB text WORKING POC
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.