Avram Marius

7 exploits Active since Feb 2009
CVE-2012-1304 EXPLOITDB text WORKING POC
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
CVE-2011-5041 EXPLOITDB text WORKING POC
Pulse Pro CMS 1.7.2 - Cross-Site Scripting via d or post_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.
CVE-2008-6179 EXPLOITDB text WORKING POC
IndexScript 3.0 - SQL Injection via sug_cat.php parent_id Parameter
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
CVE-2012-1208 EXPLOITDB text WORKING POC
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
EIP-2026-107185 EXPLOITDB text WORKING POC
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106916 EXPLOITDB text WORKING POC
eSyndiCat Directory Software 2.2/2.3 - 'preview' Cross-Site Scripting
CVE-2012-0933 EXPLOITDB text WORKING POC
acidcat_cms 3.5.1, 3.5.2, 3.5.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.