Jesper Jurcenoks

19 exploits Active since Jan 2007
CVE-2007-1899 EXPLOITDB text WORKING POC
Mywebland Mybloggie - SQL Injection
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
CVE-2007-3127 EXPLOITDB text WORKING POC
WSPortal 1.0 - Info Disclosure
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
CVE-2007-1902 EXPLOITDB text WORKING POC
Sonicbb - SQL Injection
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.
CVE-2007-4874 EXPLOITDB text WORKING POC
Boesch-it Simpnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
CVE-2007-1903 EXPLOITDB text WRITEUP
Sonicbb - XSS
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
CVE-2007-4874 EXPLOITDB text WORKING POC
Boesch-it Simpnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
CVE-2008-3080 EXPLOITDB text WORKING POC
Mywebland Mybloggie - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
CVE-2007-2686 EXPLOITDB text WORKING POC
Jetbox CMS 2.1 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
CVE-2007-2685 EXPLOITDB text WORKING POC
Jetbox CMS 2.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.
CVE-2007-1898 EXPLOITDB text WORKING POC
Jetbox CMS 2.1 - XSS
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
CVE-2007-3653 EXPLOITDB text WRITEUP
Fascript Faname - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
CVE-2007-3653 EXPLOITDB text WORKING POC
Fascript Faname - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
CVE-2007-2801 EXPLOITDB text WRITEUP
eTicket <1.5.5.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
CVE-2007-0693 EXPLOITDB text WORKING POC
DGNews 2.1 - SQL Injection
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
CVE-2006-6487 EXPLOITDB text WRITEUP
DT Guestbook 1.0f - XSS
Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
CVE-2007-0694 EXPLOITDB text WRITEUP
DGNews 2.1 - XSS
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
CVE-2007-3183 EXPLOITDB text WORKING POC
Vincent HOR Calendarix - SQL Injection
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
CVE-2007-3182 EXPLOITDB text WRITEUP
Vincent HOR Calendarix - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
CVE-2007-0605 EXPLOITDB text WRITEUP
Advanced Guestbook - XSS
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.