John Leitch

89 exploits Active since Jun 2010
EIP-2026-111834 EXPLOITDB text WRITEUP
RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting
EIP-2026-112049 EXPLOITDB python WORKING POC
SilverStripe CMS 2.4 - File Renaming Security Bypass
EIP-2026-111152 EXPLOITDB text WORKING POC
phpmychat plus 1.93 - Multiple Vulnerabilities
EIP-2026-110004 EXPLOITDB text WORKING POC
NWS-Classifieds - 'cmd' Local File Inclusion
EIP-2026-110392 EXPLOITDB text WORKING POC
oscss2 2.1.0 rc12 - Multiple Vulnerabilities
CVE-2010-2669 EXPLOITDB text WORKING POC
Orbis CMS 1.0.2 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
EIP-2026-110308 EXPLOITDB WORKING POC
OpenForum 2.2 b005 - 'saveAsAttachment()' Method Arbitrary File Creation
CVE-2011-5160 EXPLOITDB text WORKING POC
OpenEMR 4 - Cross-Site Scripting via Site Parameter
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
EIP-2026-110018 EXPLOITDB text WORKING POC
odCMS 1.07 - 'archive.php' Cross-Site Scripting
CVE-2010-2850 EXPLOITDB text WORKING POC
nubuilder <10.07.12 - Path Traversal
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
CVE-2010-5278 EXPLOITDB text WRITEUP
MODx Revolution <2.0.2-pl - Path Traversal
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-109959 EXPLOITDB text WORKING POC
NoticeBoardPro 1.0 - Multiple Vulnerabilities
CVE-2010-2844 EXPLOITDB text WORKING POC
Newanz NewsOffice 2.0.18 - Cross-Site Scripting via n-cat Parameter
Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.
CVE-2010-3462 EXPLOITDB text WRITEUP
Mollify 1.6 and 1.6.5.5 - Cross-Site Scripting via Confirm Parameter
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4883 EXPLOITDB text WRITEUP
MODx Revolution 2.0.2-pl - Cross-Site Scripting via modhash Parameter
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
EIP-2026-107261 EXPLOITDB html WORKING POC
Front Accounting 2.3.4 - Cross-Site Request Forgery
EIP-2026-107481 EXPLOITDB html WORKING POC
Graugon Forum 1.3 - SQL Injection
EIP-2026-106806 EXPLOITDB text WORKING POC
eGroupWare 1.8.001.20110421 - Multiple Vulnerabilities
EIP-2026-106790 EXPLOITDB text WORKING POC
eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting
CVE-2011-1715 EXPLOITDB text WORKING POC
qooxdoo 1.3 - Path Traversal via Delay.php File Parameter
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
EIP-2026-106523 EXPLOITDB text WORKING POC
Dolibarr ERP/CRM 3.0.0 - Multiple Vulnerabilities
EIP-2026-105990 EXPLOITDB python WORKING POC
CMS Made Simple Module Antz Toolkit 1.02 - Arbitrary File Upload
EIP-2026-105882 EXPLOITDB text WORKING POC
Claroline 1.10 - Persistent Cross-Site Scripting
EIP-2026-105983 EXPLOITDB python WORKING POC
CMS Made Simple 1.8 - 'default_cms_lang' Local File Inclusion
EIP-2026-106256 EXPLOITDB text WORKING POC
CSSTidy 1.3 - 'css_optimiser.php' Cross-Site Scripting