e.wiZz!

22 exploits, active since Dec 2004
CVE-2008-6977 EXPLOITDB text WORKING POC
Fullrevolution Aspwebalbum - XSS
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2008-2295 EXPLOITDB text WRITEUP
Rgboard < 3.0.12 - XSS
Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.
CVE-2004-1553 EXPLOITDB text WORKING POC
Fullrevolution Aspwebalbum - SQL Injection
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
EIP-2026-119334 EXPLOITDB text WORKING POC
Zervit Web Server 0.4 - Directory Traversal / Memory Corruption
EIP-2026-119333 EXPLOITDB text WORKING POC
Zervit Web Server 0.02 - Directory Traversal
EIP-2026-118945 EXPLOITDB text WRITEUP
NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure
CVE-2008-5691 EXPLOITDB html WORKING POC
Phoenician Casino FlashAX <1.0.0.7 - Buffer Overflow
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
CVE-2009-1354 EXPLOITDB text WORKING POC
Sergey Lyubka Mongoose - Path Traversal
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
EIP-2026-118910 EXPLOITDB WORKING POC
MiniWeb 0.8.19 - Remote Buffer Overflow
CVE-2008-7022 EXPLOITDB html WORKING POC
ChilkatMail_v7_9.dll - RCE
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
CVE-2008-6447 EXPLOITDB html WORKING POC
Quiksoft Easymail Mailstore Object - Memory Corruption
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
CVE-2009-1353 EXPLOITDB text WORKING POC
Sebastian Fernandez Zervit - Memory Corruption
Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
EIP-2026-113201 EXPLOITDB text WRITEUP
Weatimages - Directory Traversal / Local File Inclusion
CVE-2008-3953 EXPLOITDB text WORKING POC
Vastal I-Tech Shaadi Zone 1.0.9 - SQL Injection
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
CVE-2008-2296 EXPLOITDB text WRITEUP
Rgboard - Code Injection
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2008-3767 EXPLOITDB text WORKING POC
phpBazar 2.0.2 - SQL Injection
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
EIP-2026-108951 EXPLOITDB text WRITEUP
K-Rate - SQL Injection
EIP-2026-107093 EXPLOITDB text WRITEUP
fileNice PHP file browser - Local/Remote File Inclusion
CVE-2008-4046 EXPLOITDB text WORKING POC
eliteCMS 1.0 - SQL Injection
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-4084 EXPLOITDB text WORKING POC
Myiosoft Easyclassifields - SQL Injection
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
EIP-2026-104656 EXPLOITDB php WORKING POC
PHP 5.2.8 - 'popen()' Function Buffer Overflow
CVE-2008-6978 EXPLOITDB text WORKING POC
Fullrevolution Aspwebalbum - Improper Input Validation
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.