Donnie Werner

8 exploits Active since Sep 2003
CVE-2005-4698 EXPLOITDB text WORKING POC
TellMe <1.2 - XSS
Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.
CVE-2004-2547 EXPLOITDB text WRITEUP
NetWin SurgeMail <2.0c - Info Disclosure
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
CVE-2004-2548 EXPLOITDB text WRITEUP
NetWin SurgeMail <2.0c - Web XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
CVE-2005-2523 EXPLOITDB text WRITEUP
Apple Weblog Server - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2003-1513 EXPLOITDB text WRITEUP
Caucho Technology Resin - XSS
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
EIP-2026-100874 EXPLOITDB text WORKING POC
PerlDiver 2.31 - 'Perldiver.cgi' Cross-Site Scripting
EIP-2026-100797 EXPLOITDB text WRITEUP
Eudora WorldMail 2.0 - Search Cross-Site Scripting
CVE-2003-0769 EXPLOITDB text WORKING POC
ICQ Web Front - XSS
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.