John Leitch

89 exploits, active since Jun 2010
EIP-2026-111834 EXPLOITDB text WRITEUP
RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting
EIP-2026-112049 EXPLOITDB python WORKING POC
SilverStripe CMS 2.4 - File Renaming Security Bypass
EIP-2026-111152 EXPLOITDB text WORKING POC
phpmychat plus 1.93 - Multiple Vulnerabilities
EIP-2026-110004 EXPLOITDB text WORKING POC
NWS-Classifieds - 'cmd' Local File Inclusion
EIP-2026-110392 EXPLOITDB text WORKING POC
oscss2 2.1.0 rc12 - Multiple Vulnerabilities
CVE-2010-2669 EXPLOITDB text WORKING POC
Orbis CMS 1.0.2 - XSS
Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
EIP-2026-110308 EXPLOITDB WORKING POC
OpenForum 2.2 b005 - 'saveAsAttachment()' Method Arbitrary File Creation
CVE-2011-5160 EXPLOITDB text WORKING POC
Open-emr Openemr - XSS
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
EIP-2026-110018 EXPLOITDB text WORKING POC
odCMS 1.07 - 'archive.php' Cross-Site Scripting
CVE-2010-2850 EXPLOITDB text WORKING POC
nubuilder <10.07.12 - Path Traversal
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
CVE-2010-5278 EXPLOITDB text WRITEUP
MODx Revolution <2.0.2-pl - Path Traversal
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-109959 EXPLOITDB text WORKING POC
NoticeBoardPro 1.0 - Multiple Vulnerabilities
CVE-2010-2844 EXPLOITDB text WORKING POC
Newanz NewsOffice <2.0.18 - XSS
Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.
CVE-2010-3462 EXPLOITDB text WRITEUP
Mollify <1.6-1.6.5.5 - XSS
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4883 EXPLOITDB text WRITEUP
MODx Revolution 2.0.2-pl - XSS
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
EIP-2026-107261 EXPLOITDB html WORKING POC
Front Accounting 2.3.4 - Cross-Site Request Forgery
EIP-2026-107481 EXPLOITDB html WORKING POC
Graugon Forum 1.3 - SQL Injection
EIP-2026-106806 EXPLOITDB text WORKING POC
eGroupWare 1.8.001.20110421 - Multiple Vulnerabilities
EIP-2026-106790 EXPLOITDB text WORKING POC
eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting
CVE-2011-1715 EXPLOITDB text WORKING POC
QooxDoo 1.3 - Path Traversal
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
EIP-2026-106523 EXPLOITDB text WORKING POC
Dolibarr ERP/CRM 3.0.0 - Multiple Vulnerabilities
EIP-2026-105990 EXPLOITDB python WORKING POC
CMS Made Simple Module Antz Toolkit 1.02 - Arbitrary File Upload
EIP-2026-105882 EXPLOITDB text WORKING POC
Claroline 1.10 - Persistent Cross-Site Scripting
EIP-2026-105983 EXPLOITDB python WORKING POC
CMS Made Simple 1.8 - 'default_cms_lang' Local File Inclusion
EIP-2026-106256 EXPLOITDB text WORKING POC
CSSTidy 1.3 - 'css_optimiser.php' Cross-Site Scripting