Ferruh Mavituna

15 exploits, active since Jun 2003
CVE-2004-0549 EXPLOITDB text WORKING POC
Internet Explorer 6 - RCE
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as JavaScript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
EIP-2026-118841 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - URL Local Resource Access
CVE-2003-0295 EXPLOITDB html WORKING POC
vBulletin 3.0.0 Beta 2 - XSS
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
CVE-2003-1031 EXPLOITDB text WORKING POC
vBulletin 3.0 Beta 2 - XSS
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
EIP-2026-110851 EXPLOITDB text WORKING POC
PHP-Nuke 6.5 - 'modules.php?Username' Cross-Site Scripting
CVE-2003-0310 EXPLOITDB text WORKING POC
eZ publish 2.2 - XSS
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
EIP-2026-106581 EXPLOITDB text WORKING POC
Drupal 4.1/4.2 - Cross-Site Scripting
CVE-2008-7184 EXPLOITDB text WRITEUP
Diigo Toolbar/Diigolet - XSS
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
CVE-2007-1355 EXPLOITDB text WRITEUP
Apache Tomcat < 4.1.37 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
EIP-2026-100621 EXPLOITDB text WORKING POC
Web Wiz Forums 7.x - 'Registration_Rules.asp' Cross-Site Scripting
CVE-2004-2060 EXPLOITDB text WRITEUP
ASPRunner 2.4 - Info Disclosure
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
CVE-2004-2059 EXPLOITDB text WRITEUP
Xlinesoft Asprunner - XSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2059 EXPLOITDB text WRITEUP
Xlinesoft Asprunner - XSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2059 EXPLOITDB text WORKING POC
Xlinesoft Asprunner - XSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2059 EXPLOITDB text WORKING POC
Xlinesoft Asprunner - XSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.