High-Tech Bridge SA

441 exploits | Active since Apr 2010
CVE-2015-8770 EXPLOITDB HIGH text WRITEUP
Roundcube Webmail < 1.0.7 - Path Traversal
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
CVSS 7.5
CVE-2011-5313 EXPLOITDB text WRITEUP
Redaxscript - SQL Injection
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
EIP-2026-111738 EXPLOITDB text WORKING POC
reos 2.0.5 - Multiple Vulnerabilities
EIP-2026-111764 EXPLOITDB text WORKING POC
REvolution 10.02 - Cross-Site Request Forgery
CVE-2010-5051 EXPLOITDB text WORKING POC
RazorCMS 1.0 - XSS
Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
EIP-2026-111774 EXPLOITDB text WRITEUP
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
EIP-2026-111482 EXPLOITDB text WRITEUP
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
EIP-2026-111400 EXPLOITDB text WORKING POC
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111461 EXPLOITDB text WORKING POC
Prado Portal 1.2 - 'page' Cross-Site Scripting
CVE-2012-2452 EXPLOITDB MEDIUM text WORKING POC
pragmaMx <1.12.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
CVSS 6.1
EIP-2026-111382 EXPLOITDB text WRITEUP
Podcast Generator 1.3 - Multiple Vulnerabilities
EIP-2026-111353 EXPLOITDB text WORKING POC
Pluck CMS 4.6.3 - 'cont1' HTML Injection
EIP-2026-111367 EXPLOITDB text WORKING POC
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
CVE-2012-2452 EXPLOITDB MEDIUM text WRITEUP
pragmaMx <1.12.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
CVSS 6.1
CVE-2012-2227 EXPLOITDB text WRITEUP
PluXml < 5.1.5 - Path Traversal
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
EIP-2026-111308 EXPLOITDB text WORKING POC
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
EIP-2026-111330 EXPLOITDB text WORKING POC
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting
CVE-2012-2436 EXPLOITDB text WORKING POC
Pligg CMS <1.2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
EIP-2026-111305 EXPLOITDB html WORKING POC
Pixie 1.0.4 - HTML Injection / Cross-Site Scripting
EIP-2026-111348 EXPLOITDB text WORKING POC
Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting
EIP-2026-111467 EXPLOITDB text WORKING POC
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-1469 EXPLOITDB text WORKING POC
Piwigo < 2.4.6 - Path Traversal
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
EIP-2026-111236 EXPLOITDB text WORKING POC
PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.