Avram Marius - Security Researcher - Exploit Intelligence Platform

CVE-2012-1304 EXPLOITDB text

Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting

View Code

CVE-2011-5041 EXPLOITDB text WORKING POC

Pulsecms Pulse Cms - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.

View Code

CVE-2008-6179 EXPLOITDB text WORKING POC

Indexscript - SQL Injection

SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.

View Code

CVE-2012-1208 EXPLOITDB text WORKING POC

Fork-cms Fork Cms - XSS

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.

View Code

EIP-2026-107185 EXPLOITDB text WORKING POC

Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-106916 EXPLOITDB text WORKING POC

eSyndiCat Directory Software 2.2/2.3 - 'preview' Cross-Site Scripting

View Code

CVE-2012-0933 EXPLOITDB text WORKING POC

Acidcat CMS <3.5.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.

View Code