G13

15 exploits, active since Aug 2011
CVE-2012-6504 EXPLOITDB text WRITEUP
Shawn Bradley Php Volunteer Management - SQL Injection
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-2900 EXPLOITDB python WORKING POC
Shttpd - Memory Corruption
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
EIP-2026-115434 EXPLOITDB python WORKING POC
Inetserv 3.23 - SMTP Denial of Service
CVE-2011-5026 EXPLOITDB text WRITEUP
Winn Guestbook < 2.4.8c - XSS
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-2105 EXPLOITDB text WRITEUP
Peter Kovacs Timesheet Next Gen - SQL Injection
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2012-2236 EXPLOITDB text WRITEUP
Ryan Walberg Php Gift Registry - SQL Injection
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
CVE-2011-5045 EXPLOITDB text WRITEUP
Jjwdesign Php Booking Calendar - XSS
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
CVE-2012-6516 EXPLOITDB text WORKING POC
Shawn Bradley Php Ticket System - SQL Injection
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
CVE-2012-6505 EXPLOITDB text WRITEUP
Shawn Bradley Php Volunteer Management - XSS
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-109896 EXPLOITDB text WRITEUP
network tracker .95 - Persistent Cross-Site Scripting
EIP-2026-107899 EXPLOITDB text WORKING POC
Inventory - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-107576 EXPLOITDB text WORKING POC
Help Desk Software 1.1g - Cross-Site Request Forgery (Add Admin)
EIP-2026-107476 EXPLOITDB text WRITEUP
Gramophone - 'rs' Cross-Site Scripting
CVE-2013-1773 EXPLOITDB text WORKING POC
Linux Kernel < 3.3 - Memory Corruption
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
EIP-2026-100019 EXPLOITDB text WORKING POC
Android FTPServer 1.9.0 - Remote Denial of Service