David Vieira-Kurz

10 exploits Active since Nov 2006
CVE-2008-6045 EXPLOITDB text WRITEUP
xt:Commerce <3.0.4 - Info Disclosure
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
CVE-2008-6044 EXPLOITDB text WRITEUP
xt-commerce < 3.0.4 - Cross-Site Scripting via Advanced Search Keywords Parameter
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2011-0635 EXPLOITDB text WORKING POC
Simploo CMS < 1.7.1 - Authenticated PHP Code Injection via FTP-Server Parameter
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
CVE-2006-6451 EXPLOITDB text WORKING POC
Plesk < 8.0.1 - Cross-Site Scripting via get_password.php or login_up.php3 Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
CVE-2006-6451 EXPLOITDB text WORKING POC
Plesk < 8.0.1 - Cross-Site Scripting via get_password.php or login_up.php3 Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
CVE-2007-2061 EXPLOITDB text WRITEUP
AfterLogic MailBee WebMail Pro 3.4 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2006-5643 EXPLOITDB text WRITEUP
foresite CMS - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
EIP-2026-106134 EXPLOITDB text WRITEUP
ConPresso CMS 4.07 - Multiple Remote Vulnerabilities
CVE-2008-6039 EXPLOITDB text WRITEUP
BLUEPAGE CMS <2.5 - Info Disclosure
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
EIP-2026-104756 EXPLOITDB text WRITEUP
PHP 5.3 - 'preg_match()' Full Path Disclosure