Hadi Kiamarsi

10 exploits Active since Mar 2007
CVE-2008-2126 EXPLOITDB text WORKING POC
Tux CMS 0.1 - Cross-Site Scripting via q Parameter or returnURL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.
CVE-2007-1231 EXPLOITDB text WRITEUP
SQLiteManager 1.2.0 - Cross-Site Scripting via Database and Table Name Fields
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
CVE-2008-6617 EXPLOITDB perl WORKING POC
SiteXS CMS 0.1.1 - Unauthenticated Arbitrary File Upload via adm/visual/upload.php
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2009-4403 EXPLOITDB text WORKING POC
Rumba XML 1.8 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
EIP-2026-111462 EXPLOITDB text WORKING POC
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
CVE-2008-4775 EXPLOITDB text WORKING POC
phpMyAdmin 3.0.0 - Cross-Site Scripting via db Parameter
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
CVE-2008-6406 EXPLOITDB text WORKING POC
DataLife Engine 7.2 - Cross-Site Scripting via admin.php Query String
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-2186 EXPLOITDB text WORKING POC
Cilekyazilim Chicomas - XSS
Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2009-3220 EXPLOITDB text WORKING POC
Tecnick Aiocp - Code Injection
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-4747 EXPLOITDB text WORKING POC
All In One Control Panel AIOCP 1.4.001 - RCE
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.