Anatolia Security

5 exploits, active since Nov 2010
CVE-2010-5284 EXPLOITDB text WORKING POC
Collabtive 0.6.5 - Cross-Site Scripting via User Profile Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
CVE-2010-4792 EXPLOITDB html WORKING POC
OPEN IT OverLook 5.0 - Cross-Site Scripting via Frame Parameter
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
CVE-2010-5285 EXPLOITDB text WORKING POC
Collabtive 0.6.5 - Cross-Site Request Forgery in Admin User Addition
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
CVE-2010-4269 EXPLOITDB text WORKING POC
Collabtive 0.65 - SQL Injection via managechat.php chatstart[USERTOID] Cookie
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
CVE-2010-3449 EXPLOITDB text WORKING POC
Redback < 1.2.4 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.