JeiAr

101 exploits Active since Aug 2003

EIP-2026-110999 EXPLOITDB text WRITEUP

phpBugTracker 0.9 - 'bug.php' Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-111000 EXPLOITDB text WRITEUP

phpBugTracker 0.9 - 'bug.php' Multiple SQL Injections

View Code

EIP-2026-111001 EXPLOITDB text WRITEUP

phpBugTracker 0.9 - 'query.php' Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-111002 EXPLOITDB text WRITEUP

phpBugTracker 0.9 - 'query.php' Multiple SQL Injections

View Code

EIP-2026-111003 EXPLOITDB text WRITEUP

phpBugTracker 0.9 - 'user.php?bugid' Cross-Site Scripting

View Code

CVE-2004-0067 EXPLOITDB text WORKING POC

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WORKING POC

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WORKING POC

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

CVE-2004-0067 EXPLOITDB text WRITEUP

phpGedView < 2.65 - Cross-Site Scripting via Multiple Scripts

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

View Code

EIP-2026-111110 EXPLOITDB text WORKING POC

PHPLinks 2.1.2 - Add Site HTML Injection

View Code

EIP-2026-111209 EXPLOITDB text WORKING POC

phpShop Web Shopping Cart 0.6.1 -b - Multiple Function Cross-Site Scripting Vulnerabilities

View Code

CVE-2004-1822 EXPLOITDB text WRITEUP

Phorum 3.1-5.0.3 beta - Cross-Site Scripting via HTTP_REFERER or Target Parameter

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

View Code

CVE-2004-1870 EXPLOITDB text WORKING POC

PhotoPost PHP Pro 4.6.x - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

View Code

CVE-2004-1822 EXPLOITDB text WRITEUP

Phorum 3.1-5.0.3 beta - Cross-Site Scripting via HTTP_REFERER or Target Parameter

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

View Code

CVE-2004-1822 EXPLOITDB text WRITEUP

Phorum 3.1-5.0.3 beta - Cross-Site Scripting via HTTP_REFERER or Target Parameter

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

View Code

EIP-2026-110364 EXPLOITDB text WORKING POC

osCommerce 2.2 - 'manufacturers_id' Cross-Site Scripting

View Code