Am!r

29 exploits, active since Sep 2008
EIP-2026-115519 EXPLOITDB perl WORKING POC
KMPlayer 3.0.0.1440 - '.avi' File Local Denial of Service
EIP-2026-114107 EXPLOITDB text WRITEUP
WordPress Plugin TagGator - 'tagid' SQL Injection
EIP-2026-114277 EXPLOITDB text WRITEUP
WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting
EIP-2026-114111 EXPLOITDB text WRITEUP
WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting
CVE-2011-4926 EXPLOITDB text WRITEUP
Bueltge Adminimize < 1.7.21 - XSS
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-5106 EXPLOITDB text WRITEUP
Fractalia Flexible Custom Post Type - XSS
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-113758 EXPLOITDB text WRITEUP
WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting
EIP-2026-113757 EXPLOITDB text WRITEUP
WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting
CVE-2012-2570 EXPLOITDB text WRITEUP
X-Cart Gold 4.5 - XSS
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
CVE-2011-5107 EXPLOITDB text WRITEUP
WordPress Alert Before You Post < 0.1.1 - XSS
Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
EIP-2026-113800 EXPLOITDB text WRITEUP
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
CVE-2011-5180 EXPLOITDB text WRITEUP
ZooEffect - XSS
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.
CVE-2011-4595 EXPLOITDB MEDIUM text WRITEUP
Caseproof Prettylinks - XSS
Pretty-Link WordPress plugin 1.5.2 has XSS
CVSS 6.1
EIP-2026-113926 EXPLOITDB text WRITEUP
WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting
EIP-2026-113005 EXPLOITDB text WRITEUP
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
CVE-2012-4686 EXPLOITDB text WRITEUP
vBulletin 4.1.10 - SQL Injection
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.
CVE-2012-5903 EXPLOITDB text WRITEUP
Simple Machines SMF - XSS
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
CVE-2012-4998 EXPLOITDB text WRITEUP
starCMS - XSS
Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
EIP-2026-112252 EXPLOITDB text WRITEUP
SMF - 'view' Cross-Site Scripting
EIP-2026-110810 EXPLOITDB text WRITEUP
PHP-Fusion 7.2.4 - 'weblink_id' SQL Injection
CVE-2012-6043 EXPLOITDB text WRITEUP
PHP-Fusion - XSS
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
CVE-2009-1620 EXPLOITDB text WRITEUP
MataChat - XSS
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
EIP-2026-108515 EXPLOITDB php WORKING POC
Joomla! Component com_rokdownloads - Arbitrary File Upload
CVE-2008-3941 EXPLOITDB text WRITEUP
BizDirectory <2.04 - XSS
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
EIP-2026-107773 EXPLOITDB text WRITEUP
Ignite Solutions CMS - 'car-details.php' SQL Injection