Janek Vind

58 exploits Active since Feb 2004
CVE-2004-1989 EXPLOITDB text WRITEUP
Coppermine Photo Gallery <1.2.2b - RCE
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
CVE-2004-1985 EXPLOITDB text WRITEUP
Coppermine Photo Gallery 1.2.2b - Cross-Site Scripting via CPG_URL Parameter
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
CVE-2004-1911 EXPLOITDB text WORKING POC
AzDGDatingLite 2.1.1 - Cross-Site Scripting via Language Parameter or ID Parameter
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.
CVE-2004-1911 EXPLOITDB text WRITEUP
AzDGDatingLite 2.1.1 - Cross-Site Scripting via Language Parameter or ID Parameter
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.
EIP-2026-104831 EXPLOITDB text WRITEUP
2z Project 0.9.5 - 'rating.php' Cross-Site Scripting
CVE-2004-2008 EXPLOITDB text WRITEUP
NukeJokes 1.7 and 2 Beta - SQL Injection via JokeID Parameter
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
CVE-2004-2007 EXPLOITDB text WRITEUP
NukeJokes 1.7 and 2 Beta - Cross-Site Scripting via Cat or JokeID Parameter
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
CVE-2005-1023 EXPLOITDB text WRITEUP
PHP-Nuke 6.x-7.6 - Cross-Site Scripting via Search/FAQ/Encyclopedia Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.