H4ckCity Security Team

13 exploits, active since Aug 2008
EIP-2026-114392 EXPLOITDB text WRITEUP
WSN Links Script 2.3.4 - SQL Injection
CVE-2012-0901 EXPLOITDB text WRITEUP
YouSayToo auto-publishing plugin 1.0 - XSS
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
CVE-2012-5346 EXPLOITDB text WRITEUP
WordPress WP Live.php <1.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5342 EXPLOITDB text WRITEUP
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
CVE-2012-5342 EXPLOITDB text WRITEUP
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
CVE-2012-5342 EXPLOITDB text WRITEUP
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
EIP-2026-111421 EXPLOITDB text WORKING POC
Posse Softball Director CMS - SQL Injection
CVE-2012-5099 EXPLOITDB text WRITEUP
PHPB2B <4.1 - XSS
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
CVE-2012-5098 EXPLOITDB text WRITEUP
Php-X-Links - SQL Injection
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
CVE-2008-3513 EXPLOITDB text WORKING POC
Book Catalog module 1.0 - SQL Injection
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.
CVE-2012-6529 EXPLOITDB text WRITEUP
Marinet Cms - SQL Injection
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
CVE-2012-6529 EXPLOITDB text WRITEUP
Marinet Cms - SQL Injection
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
CVE-2012-6529 EXPLOITDB text WRITEUP
Marinet Cms - SQL Injection
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.