KaDaL-X

4 exploits Active since Apr 2006
CVE-2006-1679 EXPLOITDB text WORKING POC
Jupiter CMS 1.1.5 - Cross-Site Scripting via Layout Parameter
Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.
CVE-2006-1745 EXPLOITDB text WRITEUP
bitweaver 1.3 - Cross-Site Scripting via Login Error Parameter
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2480 EXPLOITDB text WRITEUP
Dia 0.94 - Format String Vulnerability via Crafted .bmp Filename
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.
CVE-2006-2230 EXPLOITDB text WRITEUP
xine 0.99.4 - Denial of Service via Format String in MP3 Filename
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.