DarkBicho

10 exploits Active since Aug 2004
CVE-2004-0664 EXPLOITDB text WRITEUP
PowerPortal 1.x - Directory Traversal via Files Parameter
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.
EIP-2026-111427 EXPLOITDB text WRITEUP
PostNuke 0.72/0.75 Reviews Module - Cross-Site Scripting
CVE-2004-2625 EXPLOITDB text WORKING POC
Outblaze Email - Stored Cross-Site Scripting via IMG Tag Attribute
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
EIP-2026-107319 EXPLOITDB text WORKING POC
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
CVE-2004-0660 EXPLOITDB text WORKING POC
CuteNews 1.3.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
CVE-2004-0660 EXPLOITDB text WRITEUP
CuteNews 1.3.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
CVE-2004-0660 EXPLOITDB text WRITEUP
CuteNews 1.3.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
CVE-2004-0660 EXPLOITDB text WRITEUP
CuteNews 1.3.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
EIP-2026-105695 EXPLOITDB text WRITEUP
Calendarix 0.8.20071118 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
CVE-2004-0665 EXPLOITDB text WORKING POC
csFAQ - Information Disclosure via Invalid Database Parameter
csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.