BL4CK

5 exploits Active since May 2006
CVE-2008-1646 EXPLOITDB text WRITEUP
WP-Download 1.2 - SQL Injection via dl_id Parameter
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
EIP-2026-105689 EXPLOITDB text WORKING POC
Calendar Express - 'search.php' Cross-Site Scripting
CVE-2006-2369 EXPLOITDB WORKING POC
RealVNC 4.1.1 - Unauthenticated Authentication Bypass via Insecure Security Type
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2007-0885 EXPLOITDB text WORKING POC
Rainbow with the Zen - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2007-0925 EXPLOITDB text WORKING POC
Community Server - Cross-Site Scripting via SearchResults.aspx q Parameter
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.