G13

15 exploits, active since Aug 2011
CVE-2012-6504 EXPLOITDB text WRITEUP
PHP Volunteer Management 1.0.2 - SQL Injection via id Parameter
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-2900 EXPLOITDB python WORKING POC
shttpd 1.42 - Stack-based Buffer Overflow in _shttpd_put_dir Function
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
EIP-2026-115434 EXPLOITDB python WORKING POC
Inetserv 3.23 - SMTP Denial of Service
CVE-2011-5026 EXPLOITDB text WRITEUP
Winn GuestBook < 2.4.8d - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-2105 EXPLOITDB text WRITEUP
Timesheet Next Gen 1.5.2 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2012-2236 EXPLOITDB text WRITEUP
PHP Gift Registry 1.5.5 - Authenticated SQL Injection via UserID Parameter
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
CVE-2011-5045 EXPLOITDB text WRITEUP
PHP Booking Calendar 10e - Cross-Site Scripting via page_info_message Parameter
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
CVE-2012-6516 EXPLOITDB text WORKING POC
PHP Ticket System Beta 1 - SQL Injection via q Parameter
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
CVE-2012-6505 EXPLOITDB text WRITEUP
PHP Volunteer Management 1.0.2 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-109896 EXPLOITDB text WRITEUP
network tracker .95 - Persistent Cross-Site Scripting
EIP-2026-107899 EXPLOITDB text WORKING POC
Inventory - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-107576 EXPLOITDB text WORKING POC
Help Desk Software 1.1g - Cross-Site Request Forgery (Add Admin)
EIP-2026-107476 EXPLOITDB text WRITEUP
Gramophone - 'rs' Cross-Site Scripting
CVE-2013-1773 EXPLOITDB text WORKING POC
Linux Kernel < 3.3 - Buffer Overflow in VFAT Filesystem UTF-8 to UTF-16 Conversion
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
EIP-2026-100019 EXPLOITDB text WORKING POC
Android FTPServer 1.9.0 - Remote Denial of Service