Andreas Sandblad

13 exploits Active since Aug 2002
CVE-2002-0783 EXPLOITDB text WORKING POC
Opera Web Browser 5.12-6.01 - Cross-Site Scripting via JavaScript URL in Frame
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
CVE-2002-2312 EXPLOITDB text WORKING POC
Opera 6.0.1 - Arbitrary File Upload via JavaScript Keystroke Event
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
CVE-2003-1026 EXPLOITDB text WORKING POC
Microsoft IE - Access Control
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
EIP-2026-118810 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5 - Document Reference Zone Bypass
EIP-2026-118811 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)
CVE-2003-1328 EXPLOITDB text WORKING POC
Microsoft Internet Explorer <6.0 - RCE
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
CVE-2002-1688 EXPLOITDB html WORKING POC
Microsoft Internet Explorer <6.0 - XSS
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
EIP-2026-109316 EXPLOITDB text WORKING POC
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
CVE-2006-2914 EXPLOITDB text WRITEUP
DeluxeBB 1.06 - Remote File Inclusion via Templatefolder Parameter
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.
CVE-2005-3405 EXPLOITDB text WRITEUP
ATutor 1.4.1-1.5.1-pl1 - Remote Code Execution via Forum Parameter Injection
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.
CVE-2005-3404 EXPLOITDB text WRITEUP
ATutor 1.4.1-1.5.1-pl1 - Remote File Inclusion via Section Parameter Null Byte Injection
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
CVE-2005-3404 EXPLOITDB text WRITEUP
ATutor 1.4.1-1.5.1-pl1 - Remote File Inclusion via Section Parameter Null Byte Injection
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
CVE-2002-2314 EXPLOITDB text WORKING POC
Mozilla 1.0 - Cookie Theft via JavaScript URL with Leading Slashes and Newline
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.