Dcrab

81 exploits Active since Apr 2005
CVE-2005-1074 EXPLOITDB text WRITEUP
RadScripts RadBids Gold 2 - SQL Injection
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
CVE-2005-1073 EXPLOITDB text WRITEUP
RadScripts RadBids Gold 2 - Path Traversal
Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.
CVE-2005-1075 EXPLOITDB text WRITEUP
RadScripts RadBids Gold 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
EIP-2026-111439 EXPLOITDB text WRITEUP
PostNuke Phoenix 0.760 RC3 - 'SID' SQL Injection
CVE-2005-1049 EXPLOITDB text WORKING POC
PostNuke <0.760-RC3 - XSS
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
EIP-2026-110981 EXPLOITDB text WORKING POC
phpBB Photo Album Module 2.0.53 - 'Album_Comment.php' Cross-Site Scripting
EIP-2026-110992 EXPLOITDB text WORKING POC
PHPBB2 Plus 1.5 - 'viewtopic.php' Cross-Site Scripting
EIP-2026-110989 EXPLOITDB text WORKING POC
PHPBB2 Plus 1.5 - 'GroupCP.php' Cross-Site Scripting
CVE-2005-1384 EXPLOITDB text WRITEUP
phpCoin 1.2.2 - SQL Injection
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
EIP-2026-110980 EXPLOITDB text WRITEUP
phpBB Photo Album 2.0.53 Module - 'Album_Cat.php' Cross-Site Scripting
EIP-2026-110925 EXPLOITDB text WORKING POC
phpAuction 2.5 - Multiple Vulnerabilities
EIP-2026-110991 EXPLOITDB text WORKING POC
PHPBB2 Plus 1.5 - 'Portal.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110990 EXPLOITDB text WORKING POC
PHPBB2 Plus 1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-1384 EXPLOITDB text WORKING POC
phpCoin 1.2.2 - SQL Injection
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
EIP-2026-110861 EXPLOITDB text WORKING POC
PHP-Nuke 7.6 Surveys Module - HTTP Response Splitting
EIP-2026-109247 EXPLOITDB text WORKING POC
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion
EIP-2026-109246 EXPLOITDB text WORKING POC
MagicScripts E-Store Kit-2 PayPal Edition - Cross-Site Scripting
CVE-2005-0955 EXPLOITDB text WRITEUP
InterAKT MX Shop 1.1.1 - SQL Injection
SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter.
EIP-2026-107886 EXPLOITDB text WORKING POC
Interspire articlelive 2005 - Multiple Vulnerabilities
CVE-2005-1070 EXPLOITDB text WRITEUP
Invision Power Board <1.3.1 - SQL Injection
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-1487 EXPLOITDB text WRITEUP
FishCart 3.1 - SQL Injection
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable.
CVE-2005-1486 EXPLOITDB text WORKING POC
FishCart 3.1 - XSS
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.