Zone-h Security Team

7 exploits Active since Dec 2003
EIP-2026-112801 EXPLOITDB text WORKING POC
TSguestbook 2.1 - 'Message' HTML Injection
CVE-2003-1089 EXPLOITDB text WRITEUP
Zorum 3.4 - Information Disclosure via Invalid Parameter Names
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
EIP-2026-110504 EXPLOITDB text WRITEUP
PayPal Store Front 3.0 - 'index.php' Remote File Inclusion
EIP-2026-106381 EXPLOITDB text WORKING POC
DCForum+ 1.2 - 'Subject' HTML Injection
CVE-2004-2368 EXPLOITDB text WRITEUP
Opt-X 0.7.2 - Remote File Inclusion via systempath Parameter
PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.
CVE-2004-2127 EXPLOITDB text WORKING POC
Web Blog 1.1 - Directory Traversal via File Parameter
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.
CVE-2004-2132 EXPLOITDB text WRITEUP
PJ CGI Neo review - Directory Traversal via p Parameter
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.