Inj3ct0r - Security Researcher - Exploit Intelligence Platform

CVE-2009-2852 EXPLOITDB text WORKING POC

Ryan.mcgeary Wp-syntax < 0.9.1 - Improper Input Validation

WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.

View Code

CVE-2009-3123 EXPLOITDB text WORKING POC

Visavi Wap-motor < 18.0 - Path Traversal

Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.

View Code

EIP-2026-112566 EXPLOITDB text WRITEUP

TBDev 2.0 - Remote File Inclusion / SQL Injection

View Code

EIP-2026-110807 EXPLOITDB text WORKING POC

PHP-Fusion 6.01.15.4 - 'downloads.php' SQL Injection

View Code

CVE-2009-3119 EXPLOITDB text WORKING POC

X-iweb.ru Download System Msf - SQL Injection

SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.

View Code

EIP-2026-110808 EXPLOITDB text WRITEUP

PHP-Fusion 6.1.18 - Multiple Information Disclosure Vulnerabilities

View Code

EIP-2026-109506 EXPLOITDB text WORKING POC

MKPortal 1.x (Multiple Modules) - Cross-Site Scripting

View Code

CVE-2009-3256 EXPLOITDB text WORKING POC

Livestreet - XSS

Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.

View Code

CVE-2009-3260 EXPLOITDB text WORKING POC

Livestreet - XSS

Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.

View Code

EIP-2026-109507 EXPLOITDB text WRITEUP

MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities

View Code

CVE-2009-3059 EXPLOITDB text WORKING POC

Allpublication Jboard < 2.0 - SQL Injection

Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.

View Code

EIP-2026-107881 EXPLOITDB text WORKING POC

Interactivefx.ie CMS - SQL Injection

View Code

EIP-2026-107147 EXPLOITDB text WORKING POC

FlexCMS 2.5 - 'CookieUsername' Cookie SQL Injection

View Code

EIP-2026-103396 EXPLOITDB html WORKING POC

All browsers - Crash

View Code

EIP-2026-100211 EXPLOITDB text WRITEUP

Code Widgets DataBound Collapsible Menu - 'main.asp' SQL Injection

View Code

EIP-2026-100212 EXPLOITDB text WRITEUP

Code Widgets DataBound Index Style Menu - 'category.asp' SQL Injection

View Code