e.wiZz!

22 exploits, active since Dec 2004
CVE-2008-6977 EXPLOITDB text WORKING POC
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2008-2295 EXPLOITDB text WRITEUP
rgboard < 3.0.12 - Cross-Site Scripting via s_text Parameter
Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.
CVE-2004-1553 EXPLOITDB text WORKING POC
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
EIP-2026-119334 EXPLOITDB text WORKING POC
Zervit Web Server 0.4 - Directory Traversal / Memory Corruption
EIP-2026-119333 EXPLOITDB text WORKING POC
Zervit Web Server 0.02 - Directory Traversal
EIP-2026-118945 EXPLOITDB text WRITEUP
NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure
CVE-2008-5691 EXPLOITDB html WORKING POC
Phoenician Casino FlashAX <1.0.0.7 - Buffer Overflow
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
CVE-2009-1354 EXPLOITDB text WORKING POC
Mongoose 2.4 - Path Traversal via URI
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
EIP-2026-118910 EXPLOITDB WORKING POC
MiniWeb 0.8.19 - Remote Buffer Overflow
CVE-2008-7022 EXPLOITDB html WORKING POC
Chilkat IMAP ActiveX Control - LoadXmlEmail Code Execution
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
CVE-2008-6447 EXPLOITDB html WORKING POC
QuikSoft EasyMail MailStore ActiveX emmailstore.dll 6.5.0.3 - Buffer Overflow via CreateStore Method
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
CVE-2009-1353 EXPLOITDB text WORKING POC
Zervit Webserver 0.02 - Buffer Overflow via Long URI
Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
EIP-2026-113201 EXPLOITDB text WRITEUP
Weatimages - Directory Traversal / Local File Inclusion
CVE-2008-3953 EXPLOITDB text WORKING POC
Vastal I-Tech Shaadi Zone 1.0.9 - SQL Injection
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
CVE-2008-2296 EXPLOITDB text WRITEUP
rgboard 3.0.12 - Remote Code Execution via site_path Parameter
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2008-3767 EXPLOITDB text WORKING POC
phpBazar 2.0.2 - SQL Injection via adid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
EIP-2026-108951 EXPLOITDB text WRITEUP
K-Rate - SQL Injection
EIP-2026-107093 EXPLOITDB text WRITEUP
fileNice PHP file browser - Local/Remote File Inclusion
CVE-2008-4046 EXPLOITDB text WORKING POC
eliteCMS 1.0 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-4084 EXPLOITDB text WORKING POC
MyioSoft EasyClassifields 3.0 - SQL Injection via go Parameter in browse Action
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
EIP-2026-104656 EXPLOITDB php WORKING POC
PHP 5.2.8 - 'popen()' Function Buffer Overflow
CVE-2008-6978 EXPLOITDB text WORKING POC
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.