Ahmet Sabri ALPER - Security Researcher - Exploit Intelligence Platform

EIP-2026-110932 EXPLOITDB text WRITEUP

PHPay 2.2 - Cross-Site Scripting

View Code

EIP-2026-110933 EXPLOITDB text WRITEUP

PHPay 2.2 - Multiple Full Path Disclosure Vulnerabilities

View Code

CVE-2002-0932 EXPLOITDB text WRITEUP

MyHelpDesk < 2002-05-09 - SQL Injection via id Parameter

SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.

View Code

CVE-2002-0931 EXPLOITDB text WRITEUP

MyHelpDesk < 2002-05-09 - Cross-Site Scripting via Ticket Title, Description, or ID Parameter

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.

View Code

CVE-2002-0931 EXPLOITDB text WRITEUP

MyHelpDesk < 2002-05-09 - Cross-Site Scripting via Ticket Title, Description, or ID Parameter

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.

View Code

CVE-2002-0962 EXPLOITDB text WRITEUP

GeekLog < 1.3.5 - Cross-Site Scripting via Calendar Event Link, Topic Parameter, or Comment Title

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

View Code

CVE-2002-0962 EXPLOITDB text WORKING POC

GeekLog < 1.3.5 - Cross-Site Scripting via Calendar Event Link, Topic Parameter, or Comment Title

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

View Code