AutoSec Tools

108 exploits Active since Feb 2011
CVE-2011-1714 EXPLOITDB text WORKING POC
qooxdoo 1.3 - Cross-Site Scripting via Callback Parameter
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2011-4828 METASPLOIT ruby WORKING POC
AutoSec Tools V-CMS 1.0 - Remote Code Execution via Unrestricted File Upload in Inline Image Upload
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
EIP-2026-119444 EXPLOITDB text WORKING POC
Tele Data Contact Management Server - Directory Traversal
EIP-2026-119381 EXPLOITDB python WORKING POC
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion
EIP-2026-119291 EXPLOITDB text WORKING POC
wodWebServer.NET 1.3.3 - Directory Traversal
EIP-2026-119142 EXPLOITDB text WORKING POC
Simple Web Server 1.2 - Directory Traversal
EIP-2026-118462 EXPLOITDB text WORKING POC
Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities
EIP-2026-116237 EXPLOITDB text WORKING POC
serva32 1.2.00 rc1 - Multiple Vulnerabilities
EIP-2026-116202 EXPLOITDB python WORKING POC
Rumble 0.25.2232 - Denial of Service
CVE-2011-0740 EXPLOITDB text WRITEUP
RSS Feed Reader 0.1 for WordPress - Cross-Site Scripting via rss_url Parameter
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
EIP-2026-114109 EXPLOITDB text WRITEUP
WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting
EIP-2026-114289 EXPLOITDB text WRITEUP
WordPress Plugin YT-Audio 1.7 - 'v' Cross-Site Scripting
EIP-2026-114387 EXPLOITDB php WORKING POC
WS Interactive Automne 4.1 - '/admin/upload-controler.php' Arbitrary File Upload
EIP-2026-114231 EXPLOITDB text WRITEUP
WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure
EIP-2026-114150 EXPLOITDB text WRITEUP
WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting
EIP-2026-114177 EXPLOITDB text WRITEUP
WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting
EIP-2026-114216 EXPLOITDB text WRITEUP
WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting
EIP-2026-114002 EXPLOITDB php WORKING POC
WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload
EIP-2026-113739 EXPLOITDB text WRITEUP
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
EIP-2026-113740 EXPLOITDB text WRITEUP
WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting
EIP-2026-113434 EXPLOITDB text WORKING POC
Wikiwig 5.01 - Cross-Site Scripting / HTML Injection
EIP-2026-113573 EXPLOITDB text WRITEUP
WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting
EIP-2026-113820 EXPLOITDB text WRITEUP
WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting
CVE-2011-5267 EXPLOITDB text WORKING POC
WikiWig 5.01 - Cross-Site Scripting via SpellChecker Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
EIP-2026-113848 EXPLOITDB text WORKING POC
WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion