GulfTech Security

165 exploits Active since Mar 2004
EIP-2026-110609 EXPLOITDB text WRITEUP
Phorum < 5.0.3 Beta - Cross Site Scripting
EIP-2026-110533 EXPLOITDB text WORKING POC
PEAR XML_RPC < 1.3.0 - Remote Code Execution
EIP-2026-110447 EXPLOITDB text WORKING POC
PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities
EIP-2026-110369 EXPLOITDB perl SCANNER
osCommerce 2.2 - SQL Injection
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
EIP-2026-110358 EXPLOITDB php WORKING POC
osCommerce 2.1/2.2 - 'product_info.php' SQL Injection
CVE-2005-1951 EXPLOITDB text WRITEUP
osCommerce 2.2 - HTTP Response Splitting
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
EIP-2026-110382 EXPLOITDB text WRITEUP
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
EIP-2026-110405 EXPLOITDB text WRITEUP
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
CVE-2005-2012 EXPLOITDB text WORKING POC
paFAQ 1.0 Beta 4 - SQL Injection via Username or ID Parameter
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
CVE-2005-2011 EXPLOITDB text WORKING POC
paFAQ 1.0 Beta 4 - Cross-Site Scripting via Question Action ID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
CVE-2005-1053 EXPLOITDB text WRITEUP
ModernBill < 4.3.0 - Cross-Site Scripting via orderwiz.php c_code or aid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
CVE-2005-2468 EXPLOITDB perl WORKING POC
MySQL Eventum <= 1.5.5 - SQL Injection via Multiple Functions
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
CVE-2005-2467 EXPLOITDB text WRITEUP
MySQL Eventum <= 1.5.5 - Cross-Site Scripting via id, release, or F Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
CVE-2005-2467 EXPLOITDB text WRITEUP
MySQL Eventum <= 1.5.5 - Cross-Site Scripting via id, release, or F Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
CVE-2005-2467 EXPLOITDB text WRITEUP
MySQL Eventum <= 1.5.5 - Cross-Site Scripting via id, release, or F Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
CVE-2005-1054 EXPLOITDB text WRITEUP
ModernBill < 4.3.0 - Remote File Inclusion via DIR Parameter
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
CVE-2005-1053 EXPLOITDB text WRITEUP
ModernBill < 4.3.0 - Cross-Site Scripting via orderwiz.php c_code or aid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
CVE-2006-0871 EXPLOITDB text WRITEUP
Mambo 4.5.3, 4.5.3h - Path Traversal via mos_change_template Parameter
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
EIP-2026-109275 EXPLOITDB text WRITEUP
Mambo < 4.5.4 - SQL Injection
EIP-2026-109274 EXPLOITDB text WRITEUP
Mambo < 4.5 - Multiple Vulnerabilities
CVE-2004-1412 EXPLOITDB text WRITEUP
Kayako eSupport 2.x - Cross-Site Scripting via index.php searchm Parameter
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
CVE-2006-0774 EXPLOITDB text WORKING POC
DB_eSession < 1.0.2 - SQL Injection via $_sess_id_set Variable
SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.
CVE-2008-3700 EXPLOITDB text WORKING POC
Kayako SupportSuite < 3.20.02 - Cross-Site Scripting via SessionID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
CVE-2008-3700 EXPLOITDB text WRITEUP
Kayako SupportSuite < 3.20.02 - Cross-Site Scripting via SessionID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.