Chris Cooper

6 exploits Active since Aug 2012
CVE-2012-4768 EXPLOITDB text WORKING POC
WordPress Download Monitor <3.3.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
CVE-2012-4242 EXPLOITDB text WORKING POC
MF Gig Calendar - XSS
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
CVE-2012-4237 EXPLOITDB text WRITEUP
Tecnick Tcexam < 11.3.007 - SQL Injection
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
CVE-2012-4237 EXPLOITDB text WRITEUP
Tecnick Tcexam < 11.3.007 - SQL Injection
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
CVE-2012-4236 EXPLOITDB text WRITEUP
Totalshopuk Ecommerce < 2.1.2 - XSS
Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4240 EXPLOITDB text WRITEUP
Group-office Groupoffice < 4.0.89 - SQL Injection
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.