David Sopas Ferreira

13 exploits Active since Nov 2003
EIP-2026-111885 EXPLOITDB text WORKING POC
SamTodo 1.1 - 'tid' Cross-Site Scripting
EIP-2026-111884 EXPLOITDB text WORKING POC
SamTodo 1.1 - 'completed' Cross-Site Scripting
EIP-2026-110361 EXPLOITDB text WORKING POC
osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2003-1145 EXPLOITDB text WRITEUP
OpenAutoClassifieds 1.0 - Cross-Site Scripting via friendmail.php listing parameter
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
CVE-2005-3004 EXPLOITDB text WRITEUP
Interakt MX Shop 3.2.0 - SQL Injection
SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_prd parameters to the pages module in index.php.
EIP-2026-109957 EXPLOITDB text WRITEUP
NooToplist 1.0 - 'index.php' Multiple SQL Injections
CVE-2004-2072 EXPLOITDB text WORKING POC
Mambo Open Source 4.6 - Cross-Site Scripting via Itemid Parameter
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
EIP-2026-108946 EXPLOITDB text WRITEUP
Justin Hagstrom Auto Directory Index 1.2.3 - Cross-Site Scripting
EIP-2026-107769 EXPLOITDB text WRITEUP
IGeneric Free Shopping Cart 1.4 - SQL Injection
EIP-2026-107768 EXPLOITDB text WORKING POC
IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting
CVE-2004-0300 EXPLOITDB text WRITEUP
Online Store Kit 3.0 - SQL Injection via shop.php cat Parameter
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0301 EXPLOITDB text WORKING POC
Online Store Kit 3.0 - Cross-Site Scripting via id Parameter in more.php
Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.
CVE-2008-6631 EXPLOITDB text WRITEUP
BlogPHP 2.0 - Cross-Site Scripting via User Parameter in Sendmessage Action and Username Parameter in Registration
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.