Cyber-Crystal

8 exploits Active since Apr 2011
CVE-2011-1682 EXPLOITDB html WORKING POC
phpList <2.10.13 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4246 EXPLOITDB html WORKING POC
Phplist < 2.10.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
CVE-2012-4247 EXPLOITDB html WORKING POC
Phplist < 2.10.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
CVE-2012-5226 EXPLOITDB text WRITEUP
Peel SHOPPING <2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.
CVE-2011-0748 EXPLOITDB html WORKING POC
Tincan Phplist < 2.10.12 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
CVE-2012-5005 EXPLOITDB html WORKING POC
VR GPub 4.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
CVE-2012-5228 EXPLOITDB html WORKING POC
phplist <2.10.19 - XSS
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5227 EXPLOITDB text WRITEUP
Peel SHOPPING <2.9 - SQL Injection
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.