euronymous

19 exploits Active since Dec 2002
CVE-2003-0312 EXPLOITDB text WRITEUP
Snowblind Web Server 1.0 - Path Traversal
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
CVE-2003-1242 EXPLOITDB text WRITEUP
Sage 1.0 b3 - Information Disclosure via Non-Existent Module Request
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
CVE-2003-1243 EXPLOITDB text WORKING POC
Sage 1.0 b3 - Cross-Site Scripting via mod Parameter
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
EIP-2026-118717 EXPLOITDB text WRITEUP
Kukol E.V. HTTP & FTP Server Suite 6.2 - File Disclosure
CVE-2003-0315 EXPLOITDB text WORKING POC
Snowblind Web Server 1.0 - DoS/Buffer Overflow
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
CVE-2003-0314 EXPLOITDB text WORKING POC
Snowblind Web Server 1.0 - Denial of Service via URL Ending in </ Sequence
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
CVE-2003-0395 EXPLOITDB text WORKING POC
Ultimate PHP Board 1.9 - Remote Code Execution via User-Agent Header
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
EIP-2026-112884 EXPLOITDB text WORKING POC
Ultimate PHP Board Board 1.0 final Beta - 'viewtopic.php' Cross-Site Scripting
EIP-2026-112878 EXPLOITDB text WRITEUP
Ultimate PHP Board 1.0 final Beta - 'viewtopic.php' Directory Contents Browsing
CVE-2003-1555 EXPLOITDB text WRITEUP
ScozBook 1.1 BETA - Exposure of Sensitive Information via Invalid PG Parameter
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
CVE-2002-2247 EXPLOITDB text WRITEUP
Mambo Site Server 4.0.11 - Info Disclosure
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
CVE-2002-2288 EXPLOITDB text WRITEUP
Mambo Site Server 4.0.11 - Physical Path Exposure via Invalid Parameter Error
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
CVE-2003-1535 EXPLOITDB text WRITEUP
Justice Guestbook 1.3 - Exposure of Sensitive Information via cfooter.php3
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
EIP-2026-105429 EXPLOITDB text WRITEUP
Beanwebb Guestbook 1.0 - Unauthorized Administrative Access
EIP-2026-104390 EXPLOITDB text WORKING POC
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
EIP-2026-104054 EXPLOITDB text WORKING POC
Python 2.2/2.3 - Documentation Server Error Page Cross-Site Scripting
CVE-2003-0409 EXPLOITDB python WORKING POC
BRS WebWeaver <1.04 - Buffer Overflow
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
EIP-2026-103084 EXPLOITDB text WORKING POC
BRS Webweaver 1.0 1 - MKDir Directory Traversal
CVE-2002-1785 EXPLOITDB text WORKING POC
Zeus Web Server 4.0-4.1r2 - Authenticated Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.