ZoRLu

253 exploits Active since Feb 2007
EIP-2026-108108 EXPLOITDB text WRITEUP
Job2C 4.2 - 'adtype' Local File Inclusion
CVE-2008-5992 EXPLOITDB text WORKING POC
Jetik ESA 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
CVE-2008-1355 EXPLOITDB text WORKING POC
Jeebles Directory 2.9.60 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6254 EXPLOITDB text WRITEUP
Jadu Galaxies - SQL Injection
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter.
CVE-2008-6562 EXPLOITDB text WORKING POC
JAX Scripts Jax Linklists - XSS
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1273 EXPLOITDB text WORKING POC
imageVue 1.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1273 EXPLOITDB text WRITEUP
imageVue 1.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-107631 EXPLOITDB text WRITEUP
Host Directory PRO 2.1.0 - Remote Database Backup
EIP-2026-107387 EXPLOITDB text WRITEUP
getaphpsite Auto Dealers - Arbitrary File Upload
CVE-2008-6655 EXPLOITDB text WRITEUP
Comscripts Gedcom TO Mysql - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
CVE-2008-1327 EXPLOITDB text WRITEUP
Gallarific - CSRF
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1326 EXPLOITDB text WORKING POC
Gallarific - XSS
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-107514 EXPLOITDB text WORKING POC
GS Real Estate Portal US/International Module - Multiple Vulnerabilities
CVE-2009-4808 EXPLOITDB text WORKING POC
Graugon Php Article Publisher - Authentication Bypass
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
CVE-2008-6550 EXPLOITDB text WORKING POC
Davidbourrier Glossaire - XSS
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-107388 EXPLOITDB text WRITEUP
getaphpsite Real Estate - Arbitrary File Upload
CVE-2008-2037 EXPLOITDB text WRITEUP
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
CVE-2008-1296 EXPLOITDB text WORKING POC
EncapsGallery 1.11.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6196 EXPLOITDB text WRITEUP
Philippe Crochat Easysite - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.