Gerendi Sandor Attila

6 exploits Active since Apr 2008
CVE-2008-1956 EXPLOITDB text WRITEUP
Wikepage Opus 13 2007.2 - Cross-Site Scripting via Wiki Parameter
Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.
CVE-2008-4769 EXPLOITDB text WORKING POC
WordPress < 2.3.3 - Path Traversal via Cat Parameter
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1842 EXPLOITDB text WORKING POC
PHP-Nuke 8.0 - SQL Injection via HTTP Referer Header
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
CVE-2009-1845 EXPLOITDB text WORKING POC
Lussumo Vanilla 1.1.5 and 1.1.7 - Cross-Site Scripting via RequestName Parameter
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
CVE-2009-1907 EXPLOITDB text WORKING POC
Claroline 1.8.11 - Cross-Site Scripting via Referer HTTP Header
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVE-2009-1616 EXPLOITDB text WORKING POC
Coppermine Photo Gallery < 1.4.22 - Cross-Site Scripting via CSS Parameter
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.