Inj3ct0r

16 exploits Active since Aug 2009
CVE-2009-2852 EXPLOITDB text WORKING POC
WP-Syntax < 0.9.1 - Remote Code Execution via test_filter[wp_head] Parameter
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
CVE-2009-3123 EXPLOITDB text WORKING POC
visavi wap-motor < 18.0 - Path Traversal via Image Parameter
Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.
EIP-2026-112566 EXPLOITDB text WRITEUP
TBDev 2.0 - Remote File Inclusion / SQL Injection
EIP-2026-110807 EXPLOITDB text WORKING POC
PHP-Fusion 6.01.15.4 - 'downloads.php' SQL Injection
CVE-2009-3119 EXPLOITDB text WORKING POC
Download System mSF for PHP-Fusion - SQL Injection via screen.php view_id Parameter
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.
EIP-2026-110808 EXPLOITDB text WRITEUP
PHP-Fusion 6.1.18 - Multiple Information Disclosure Vulnerabilities
EIP-2026-109506 EXPLOITDB text WORKING POC
MKPortal 1.x (Multiple Modules) - Cross-Site Scripting
CVE-2009-3256 EXPLOITDB text WORKING POC
LiveStreet 0.2 - Cross-Site Scripting via URI Parameter
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
CVE-2009-3260 EXPLOITDB text WORKING POC
LiveStreet 0.2 - Cross-Site Scripting via Topic Header in Comment
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
EIP-2026-109507 EXPLOITDB text WRITEUP
MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities
CVE-2009-3059 EXPLOITDB text WORKING POC
Allpublication Jboard < 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
EIP-2026-107881 EXPLOITDB text WORKING POC
Interactivefx.ie CMS - SQL Injection
EIP-2026-107147 EXPLOITDB text WORKING POC
FlexCMS 2.5 - 'CookieUsername' Cookie SQL Injection
EIP-2026-103396 EXPLOITDB html WORKING POC
All browsers - Crash
EIP-2026-100211 EXPLOITDB text WRITEUP
Code Widgets DataBound Collapsible Menu - 'main.asp' SQL Injection
EIP-2026-100212 EXPLOITDB text WRITEUP
Code Widgets DataBound Index Style Menu - 'category.asp' SQL Injection