Aliaksandr Hartsuyeu

83 exploits, active since Jan 2006
CVE-2006-0110 EXPLOITDB text WRITEUP
Foro Domus 2.10 - Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.
CVE-2006-1238 EXPLOITDB text WORKING POC
DSLogin 1.0 - SQL Injection via $log_userid Variable
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.
CVE-2006-1232 EXPLOITDB text WORKING POC
DSDownload 1.0 - SQL Injection via Key or Category Parameter
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.
CVE-2006-1234 EXPLOITDB text WORKING POC
DSCounter 1.2 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
EIP-2026-106322 EXPLOITDB text WORKING POC
CyBoards PHP Lite 1.21/1.25 - 'post.php' SQL Injection
CVE-2006-0877 EXPLOITDB text WRITEUP
Easy Forum 2.5 - Cross-Site Scripting via Image Variable
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
CVE-2010-4783 EXPLOITDB text WORKING POC
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
CVE-2010-4784 EXPLOITDB text WRITEUP
PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
EIP-2026-106631 EXPLOITDB text WORKING POC
e-moBLOG 1.3 - Multiple SQL Injections
EIP-2026-105902 EXPLOITDB text WRITEUP
Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities
CVE-2006-0361 EXPLOITDB text WORKING POC
bit_5_blog 8.01 - Stored Cross-Site Scripting via Comment Parameter
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
EIP-2026-105839 EXPLOITDB text WRITEUP
Chucky A. Ivey N.T. 1.1 - 'index.php' Multiple HTML Injection Vulnerabilities
EIP-2026-105834 EXPLOITDB text WORKING POC
Chipmunk Guestbook 1.4 - Homepage HTML Injection
CVE-2006-0136 EXPLOITDB text WRITEUP
Chimera Web Portal System 0.2 - Cross-Site Scripting via Guestbook Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
CVE-2006-0137 EXPLOITDB text WORKING POC
Phanatic Softwares Chimera Web Portal System 0.2 - SQL Injection via linkcategory.php id Parameter
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0443 EXPLOITDB text WORKING POC
CheesyBlog 1.0 - Stored Cross-Site Scripting via Archive Comment Parameters
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
CVE-2006-0318 EXPLOITDB text WORKING POC
BlogPHP 1.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2006-0320 EXPLOITDB text WORKING POC
bit_5_blog < 8.01 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
CVE-2006-0775 EXPLOITDB text WORKING POC
BirthSys 3.1 - SQL Injection via show.php $month Parameter
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.
EIP-2026-105079 EXPLOITDB text WORKING POC
Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities
CVE-2006-1613 EXPLOITDB text WORKING POC
aWebNews 1.0 - SQL Injection via user123 Parameter or cid Parameter
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php.
CVE-2006-0310 EXPLOITDB text WRITEUP
aoblogger 2.3 - Stored Cross-Site Scripting via BBcode URL Tag
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary JavaScript via a javascript URI in the BBcode url tag.
CVE-2006-0311 EXPLOITDB text WRITEUP
aoblogger 2.3 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0312 EXPLOITDB text WRITEUP
aoblogger 2.3 - Unauthenticated Blog Entry Creation via uza Parameter
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVE-2006-0462 EXPLOITDB text WORKING POC
AndoNET Blog 2004.09.02 - SQL Injection via Entrada Parameter
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.