Ivan Sanchez

21 exploits Active since Oct 2007
CVE-2024-55875 WRITEUP CRITICAL WRITEUP
http4k-format-xml 5.0.0.0-5.41.0.0 - XML External Entity Injection
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. The original fix shipped in v5.41.0.0 / v4.50.0.0 closed the documented external-entity attack class (SSRF, local-file disclosure, code execution) by setting `ACCESS_EXTERNAL_DTD=""`, `ACCESS_EXTERNAL_SCHEMA=""`, and `isExpandEntityReferences=false` on the default `DocumentBuilderFactory`. A residual gap remained: the parser still accepted documents containing `<!DOCTYPE>` declarations even though external entity resolution was blocked. This left open billion-laughs-style internal entity expansion DoS attacks against any application using `Body.xml()` or `Document.asXmlDocument()` on untrusted XML. v6.50.0.0 closes this residual by adding `disallow-doctype-decl=true` and `FEATURE_SECURE_PROCESSING=true` to `defaultXmlParsingConfig`. Any document containing a `<!DOCTYPE>` is now rejected at parse time.
CVSS 9.8
CVE-2008-3956 EXPLOITDB text WRITEUP
Microsoft Organization Chart 2.00 - DoS/Code Injection
orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
EIP-2026-118275 EXPLOITDB text WORKING POC
Apple QuickTime 7.6.9 - 'QuickTimePlayer.dll' ActiveX Buffer Overflow
CVE-2008-2752 EXPLOITDB text WORKING POC
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 - Denial of Service or Remote Code Execution via Crafted .doc File
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
CVE-2008-6616 EXPLOITDB text WORKING POC
Zen Cart 2008 - Cross-Site Scripting via Advanced Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6615 EXPLOITDB text WORKING POC
Zen Cart 2008 - SQL Injection via Advanced Search Keyword Parameter
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5649 EXPLOITDB text WRITEUP
SocketMail 2.2.1 - Cross-Site Scripting via lostpwd.php lost_id Parameter
Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter.
CVE-2007-5647 EXPLOITDB text WRITEUP
SocketKB 1.1.5 - Cross-Site Scripting via art_id or node Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI.
CVE-2009-3152 EXPLOITDB text WRITEUP
NTSOFT BBS E-Market Professional - Cross-Site Scripting via Page, bt_code, or b_no Parameters
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
EIP-2026-109974 EXPLOITDB text WRITEUP
NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (2)
EIP-2026-110416 EXPLOITDB text WORKING POC
Ovidentia 6.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-2783 EXPLOITDB text WRITEUP
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2783 EXPLOITDB text WRITEUP
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5952 EXPLOITDB text WRITEUP
Helios Calendar 1.2.1 Beta - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1621 EXPLOITDB text WRITEUP
GeeCarts - Cross-Site Scripting via id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1621 EXPLOITDB text WRITEUP
GeeCarts - Cross-Site Scripting via id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2783 EXPLOITDB text WRITEUP
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1621 EXPLOITDB text WRITEUP
GeeCarts - Cross-Site Scripting via id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5290 EXPLOITDB text WRITEUP
MailBee WebMail < 3.4 - Cross-Site Scripting via Login Mode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
CVE-2007-5290 EXPLOITDB text WRITEUP
MailBee WebMail < 3.4 - Cross-Site Scripting via Login Mode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
CVE-2009-0611 EXPLOITDB text WORKING POC
Novell Open Enterprise Server 1.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.