Doz

45 exploits Active since Dec 2006
CVE-2008-1304 EXPLOITDB text WORKING POC
WordPress 2.3.2 - Cross-Site Scripting via Invite Email and To Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
CVE-2008-1304 EXPLOITDB text WORKING POC
WordPress 2.3.2 - Cross-Site Scripting via Invite Email and To Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
EIP-2026-112853 EXPLOITDB text WRITEUP
Uebimiau 2.7.10 - 'index.php' Cross-Site Scripting
CVE-2008-4742 EXPLOITDB text WRITEUP
TimeTrex 2.2.11 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
CVE-2007-5725 EXPLOITDB text WRITEUP
Smart-Shop - Cross-Site Scripting via Email or Command Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action.
EIP-2026-111934 EXPLOITDB text WRITEUP
SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-0567 EXPLOITDB text WRITEUP
PHP Membership Manager 1.5 - Cross-Site Scripting via _p Parameter
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.
CVE-2007-5724 EXPLOITDB text WRITEUP
Omnistar Live - Cross-Site Scripting via category_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.
CVE-2007-6136 EXPLOITDB text WRITEUP
M2Scripts MySpace Scripts Poll Creator - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
CVE-2007-6646 EXPLOITDB text WRITEUP
LiveCart < 1.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
CVE-2007-6646 EXPLOITDB text WRITEUP
LiveCart < 1.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
CVE-2007-6646 EXPLOITDB text WRITEUP
LiveCart < 1.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
CVE-2007-6646 EXPLOITDB text WRITEUP
LiveCart < 1.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
EIP-2026-108858 EXPLOITDB text WRITEUP
Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-6574 EXPLOITDB text WRITEUP
Dokeos <1.8.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
EIP-2026-106686 EXPLOITDB text WRITEUP
Easebay Resources Paypal Subscription - Manager Multiple Input Validation Vulnerabilities
EIP-2026-106685 EXPLOITDB text WRITEUP
Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities
CVE-2007-6574 EXPLOITDB text WRITEUP
Dokeos <1.8.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
CVE-2007-6574 EXPLOITDB text WRITEUP
Dokeos <1.8.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
CVE-2007-6374 EXPLOITDB text WRITEUP
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
CVE-2007-6375 EXPLOITDB text WRITEUP
bitweaver <= 2.0.0 - SQL Injection via sort_mode or highlight Parameter
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
CVE-2007-6374 EXPLOITDB text WRITEUP
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
CVE-2007-4899 EXPLOITDB text WRITEUP
Boinc Forum < 5.10.20 - Cross-Site Scripting via Forum ID or Search String Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.
CVE-2007-4899 EXPLOITDB text WRITEUP
Boinc Forum < 5.10.20 - Cross-Site Scripting via Forum ID or Search String Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.
CVE-2008-5225 EXPLOITDB text WRITEUP
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.