ZoRLu

253 exploits Active since Feb 2007
CVE-2008-5806 EXPLOITDB text WORKING POC
DeltaScripts PHP Classifieds <7.5 - SQL Injection
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
CVE-2008-2264 EXPLOITDB text WRITEUP
CyrixMED 1.4 - Cross-Site Scripting via msg_erreur Parameter
Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1934 EXPLOITDB text WORKING POC
Crazy Goomba 1.2.1 - SQL Injection via commentaires.php id Parameter
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5290 EXPLOITDB text WRITEUP
Clean CMS 1.5 - Cross-Site Scripting via full_txt.php id Parameter
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-5215 EXPLOITDB text WORKING POC
ClanLite 2.2006.05.20 - SQL Injection
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
CVE-2008-7134 EXPLOITDB text WORKING POC
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7072 EXPLOITDB text WORKING POC
Chipmunk Topsites - Cross-Site Scripting via Start Parameter
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
CVE-2008-1479 EXPLOITDB text WORKING POC
cyberfrogs cfnetgs 0.24 - Cross-Site Scripting via Directory Parameter
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5781 EXPLOITDB text WORKING POC
Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 - SQL Injection
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2008-2219 EXPLOITDB text WRITEUP
C-News 1.0.1 - Cross-Site Scripting via Etape Parameter
Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter.
EIP-2026-105645 EXPLOITDB text WORKING POC
Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload
CVE-2008-6526 EXPLOITDB text WORKING POC
BosDev BosClassifieds - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838.
EIP-2026-105644 EXPLOITDB text WRITEUP
Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload
CVE-2008-7134 EXPLOITDB text WORKING POC
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7134 EXPLOITDB text WORKING POC
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2414 EXPLOITDB text WRITEUP
AN Guestbook 0.4 - Cross-Site Scripting via send_email.php postid Parameter
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
CVE-2008-5338 EXPLOITDB text WORKING POC
Bandwebsite 1.5 - XSS
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2008-4074 EXPLOITDB text WORKING POC
Zanfi Autodealers CMS AutOnline - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-1229 EXPLOITDB text WORKING POC
arcadwy_arcade_script - SQL Injection via User Cookie Parameter
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
CVE-2008-6272 EXPLOITDB text WORKING POC
Dragan Mitic Apoll 0.7 beta and 0.7.5 - SQL Injection via Admin Index Pass Parameter
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.
CVE-2008-6683 EXPLOITDB text WORKING POC
Apartment Search Script - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2008-5650 EXPLOITDB text WORKING POC
AlstraSoft Web Host Directory - SQL Injection
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
CVE-2008-6932 EXPLOITDB text WORKING POC
AlstraSoft SendIt Pro - Unauthenticated Arbitrary File Upload via submit_file.php
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
CVE-2008-5649 EXPLOITDB text WORKING POC
AlstraSoft Article Manager Pro 1.6 - SQL Injection
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-105126 EXPLOITDB text WORKING POC
Alstrasoft Article Manager Pro - Arbitrary File Upload