Anatolia Security

5 exploits Active since Nov 2010
CVE-2010-5284 EXPLOITDB text WORKING POC
Collabtive 0.6.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
CVE-2010-4792 EXPLOITDB html WORKING POC
OPEN IT OverLook 5.0 - XSS
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
CVE-2010-5285 EXPLOITDB text WORKING POC
Collabtive 0.6.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
CVE-2010-4269 EXPLOITDB text WORKING POC
O-dyn Collabtive - SQL Injection
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
CVE-2010-3449 EXPLOITDB text WORKING POC
Redback <1.2.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.