liz0

6 exploits Active since Nov 2005
CVE-2006-0235 EXPLOITDB text WRITEUP
WhiteAlbum 2.5 - SQL Injection via Pictures.php Dir Parameter
SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.
CVE-2005-3924 EXPLOITDB text WRITEUP
Randshop - SQL Injection via kategorieid or katid Parameter
SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.
EIP-2026-111254 EXPLOITDB text WORKING POC
PHPXplorer 0.9.33 - 'action.php' Directory Traversal
CVE-2005-3947 EXPLOITDB text WORKING POC
PHP Upload Center - Directory Traversal via Filename Parameter
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.
EIP-2026-106582 EXPLOITDB text WORKING POC
Drupal 4.x - URL-Encoded Input HTML Injection
CVE-2006-1157 EXPLOITDB text WORKING POC
ADP Forum 2.0.3 - Stored Cross-Site Scripting via Subject Field
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.