$um$id

6 exploits Active since Dec 2005
CVE-2006-0792 EXPLOITDB text WRITEUP
v-webmail 1.6.2 - Cross-Site Scripting via newid Parameter
Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5669 EXPLOITDB text WORKING POC
Gepi < 1.4.4 - Remote File Inclusion via gestion/savebackup.php filename Parameter
PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.
CVE-2005-4435 EXPLOITDB text WRITEUP
AbleDesign D-Man 3.x - Cross-Site Scripting via Title Parameter
Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-100713 EXPLOITDB text WORKING POC
ACME Perl-Cal 2.99 - Cal_make.pl Cross-Site Scripting
CVE-2006-0073 EXPLOITDB text WORKING POC
DiscusWare Discus Freeware/Professional <3.10.5-3.10.4 - XSS
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4229 EXPLOITDB text WRITEUP
EveryAuction <= 1.53 - Cross-Site Scripting via Search String Parameter
Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and independently verified using source code inspection.