JeiAr

101 exploits Active since Aug 2003
CVE-2004-1966 EXPLOITDB text WRITEUP
OpenBB <= 1.0.6 - SQL Injection via FID Parameter in board.php
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
CVE-2004-1966 EXPLOITDB text WRITEUP
OpenBB <= 1.0.6 - SQL Injection via FID Parameter in board.php
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
CVE-2004-1966 EXPLOITDB text WRITEUP
OpenBB <= 1.0.6 - SQL Injection via FID Parameter in board.php
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-2004-1966 EXPLOITDB text WRITEUP
OpenBB <= 1.0.6 - SQL Injection via FID Parameter in board.php
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-2004-1965 EXPLOITDB text WRITEUP
Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
EIP-2026-110369 EXPLOITDB perl SCANNER
osCommerce 2.2 - SQL Injection
EIP-2026-110365 EXPLOITDB text WRITEUP
osCommerce 2.2 - 'products_id' SQL Injection
CVE-2003-1219 EXPLOITDB text WRITEUP
osCommerce < 2.2_ms2 - Cross-Site Scripting via osCsid Parameter
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
CVE-2004-1826 EXPLOITDB text WRITEUP
Mambo Open Source 4.5 - SQL Injection via Index.php ID Parameter
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-109305 EXPLOITDB text WRITEUP
Mambo Open Source 4.5 - 'index.php?mos_change_template' Cross-Site Scripting
CVE-2004-1825 EXPLOITDB text WRITEUP
Mambo Open Source 4.5 stable 1.0.3 - Cross-Site Scripting via return or mos_change_template Parameters
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.
CVE-2004-1835 EXPLOITDB text WRITEUP
Invision Gallery 1.0.1 - SQL Injection via img/cat/sort_key/order_key/user/album Parameters
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.
CVE-2004-1836 EXPLOITDB text WRITEUP
Invision Power Top Site List <= 1.1 RC 2 - SQL Injection via Comments ID Parameter
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.
EIP-2026-104881 EXPLOITDB text WRITEUP
Aardvark Topsites 4.1 PHP - Multiple Vulnerabilities
EIP-2026-100848 EXPLOITDB text WRITEUP
M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Remote File Inclusion
EIP-2026-100858 EXPLOITDB text WRITEUP
MetaDot Portal Server 5.6.x - index.pl Information Disclosure
EIP-2026-100857 EXPLOITDB text WORKING POC
MetaDot Portal Server 5.6.x - 'userchannel.pl?op' Cross-Site Scripting
EIP-2026-100856 EXPLOITDB text WRITEUP
MetaDot Portal Server 5.6.x - 'index.pl' Multiple SQL Injections
EIP-2026-100855 EXPLOITDB text WORKING POC
MetaDot Portal Server 5.6.x - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-100847 EXPLOITDB text WRITEUP
M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Remote File Inclusion
CVE-2003-1213 EXPLOITDB text WRITEUP
MaxWebPortal 1.30 - Info Disclosure
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVE-2003-0492 EXPLOITDB text WRITEUP
Snitz Forums 2000 3.4.03 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.