EllipSiS Security

14 exploits Active since Jun 2006
CVE-2006-3271 EXPLOITDB text WRITEUP
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
CVE-2006-3271 EXPLOITDB text WRITEUP
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
CVE-2006-3271 EXPLOITDB text WRITEUP
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
CVE-2006-3271 EXPLOITDB text WRITEUP
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
CVE-2006-3405 EXPLOITDB text WORKING POC
QTOFileManager 1.0 - Cross-Site Scripting via delete, pathext, or edit Parameters
Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
CVE-2006-3926 EXPLOITDB text WRITEUP
PhpProBid 5.24 - SQL Injection via View/Start/OrderType Parameters
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
CVE-2006-3927 EXPLOITDB text WRITEUP
PhpProBid 5.24 - Cross-Site Scripting via auctionsearch.php advsrc Parameter
Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
CVE-2006-3926 EXPLOITDB text WRITEUP
PhpProBid 5.24 - SQL Injection via View/Start/OrderType Parameters
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
CVE-2006-3358 EXPLOITDB text WORKING POC
NewsPHP 2006 PRO - Cross-Site Scripting via Index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.
CVE-2006-3886 EXPLOITDB text WRITEUP
Shalwan MusicBox <= 2.3.4 - SQL Injection via Page Parameter
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.
CVE-2006-7072 EXPLOITDB text WORKING POC
GeoClassifieds Enterprise <= 2.0.5.2 - Cross-Site Scripting via b[username] or c Parameter
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.
EIP-2026-106365 EXPLOITDB text WORKING POC
Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities
CVE-2006-3259 EXPLOITDB text WORKING POC
e107 < 0.7.5 - Cross-Site Scripting via Search and Comment Parameters
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
EIP-2026-105524 EXPLOITDB text WRITEUP
Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion