GulfTech Security - Security Researcher - Exploit Intelligence Platform

EIP-2026-110609 EXPLOITDB text WRITEUP

Phorum < 5.0.3 Beta - Cross Site Scripting

View Code

EIP-2026-110533 EXPLOITDB text WORKING POC

PEAR XML_RPC < 1.3.0 - Remote Code Execution

View Code

EIP-2026-110447 EXPLOITDB text WORKING POC

PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities

View Code

EIP-2026-110369 EXPLOITDB perl SCANNER

osCommerce 2.2 - SQL Injection

View Code

CVE-2004-1965 EXPLOITDB text WRITEUP

OpenBB 1.0.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.

View Code

EIP-2026-110358 EXPLOITDB php WORKING POC

osCommerce 2.1/2.2 - 'product_info.php' SQL Injection

View Code

CVE-2005-1951 EXPLOITDB text WRITEUP

osCommerce 2.2 - HTTP Response Splitting

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

View Code

EIP-2026-110382 EXPLOITDB text WRITEUP

osCommerce < 2.2-MS2 - Multiple Vulnerabilities

View Code

EIP-2026-110405 EXPLOITDB text WRITEUP

osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities

View Code

CVE-2005-2012 EXPLOITDB text WORKING POC

PHP Arena Pafaq - SQL Injection

Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.

View Code

CVE-2005-2011 EXPLOITDB text WORKING POC

PHP Arena Pafaq - XSS

Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.

View Code

CVE-2005-1053 EXPLOITDB text WRITEUP

ModernBill <4.3.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.

View Code

CVE-2005-2468 EXPLOITDB perl WORKING POC

Mysql Eventum - SQL Injection

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

View Code

CVE-2005-2467 EXPLOITDB text WRITEUP

Mysql Eventum - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

View Code

CVE-2005-2467 EXPLOITDB text WRITEUP

Mysql Eventum - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

View Code

CVE-2005-2467 EXPLOITDB text WRITEUP

Mysql Eventum - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

View Code

CVE-2005-1054 EXPLOITDB text WRITEUP

ModernBill <4.3.0 - RCE

PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.

View Code

CVE-2005-1053 EXPLOITDB text WRITEUP

ModernBill <4.3.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.

View Code

CVE-2006-0871 EXPLOITDB text WRITEUP

Mambo - Path Traversal

Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.

View Code

EIP-2026-109275 EXPLOITDB text WRITEUP

Mambo < 4.5.4 - SQL Injection

View Code

EIP-2026-109274 EXPLOITDB text WRITEUP

Mambo < 4.5 - Multiple Vulnerabilities

View Code

CVE-2004-1412 EXPLOITDB text WRITEUP

Kayako Esupport - XSS

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.

View Code

CVE-2006-0774 EXPLOITDB text WORKING POC

Lawrence Osiris DB Esession < 1.0.2 - SQL Injection

SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.

View Code

CVE-2008-3700 EXPLOITDB text WORKING POC

Kayako SupportSuite <3.20.02 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

View Code

CVE-2008-3700 EXPLOITDB text WRITEUP

Kayako SupportSuite <3.20.02 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

View Code