Linux_Drox

25 exploits, active since Nov 2005
CVE-2006-1230 EXPLOITDB text WORKING POC
vCard 2.x - Cross-Site Scripting via create.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
EIP-2026-112900 EXPLOITDB text WRITEUP
Unique Ads - 'Banner.php' SQL Injection
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1420 EXPLOITDB text WORKING POC
SaphpLesson 2.0 - SQL Injection via print.php lessid Parameter
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
CVE-2005-3584 EXPLOITDB text WORKING POC
PhpWebThings 1.4.4 - Cross-Site Scripting via Forum Parameter
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
CVE-2006-1349 EXPLOITDB text WORKING POC
Musicbox 2.3 Beta 2 - Cross-Site Scripting via id, type, show, and message1 Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2005-4500 EXPLOITDB text WRITEUP
MusicBox 2.3 - SQL Injection via Show or Type Parameter
SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.
CVE-2006-1349 EXPLOITDB text WRITEUP
Musicbox 2.3 Beta 2 - Cross-Site Scripting via id, type, show, and message1 Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2006-6734 EXPLOITDB text WRITEUP
Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c - XSS
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
EIP-2026-106444 EXPLOITDB text WORKING POC
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-0939 EXPLOITDB text WRITEUP
DCI-Taskeen 1.03 - SQL Injection via id or action Parameter
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2006-0939 EXPLOITDB text WRITEUP
DCI-Taskeen 1.03 - SQL Injection via id or action Parameter
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2008-1499 EXPLOITDB text WRITEUP
cPanel 11.18.3 and 11.21.0-BETA - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-7142 EXPLOITDB text WORKING POC
cPanel 11.18.3 - Path Traversal via Disk Usage Module showtree Parameter
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVE-2006-1556 EXPLOITDB text WORKING POC
AL-Caricatier 2.5 - Cross-Site Scripting via CatName, CaricatierID, or CatID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
EIP-2026-104814 EXPLOITDB text WORKING POC
212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting
EIP-2026-104813 EXPLOITDB text WRITEUP
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-6777 EXPLOITDB text WRITEUP
Future Internet - Cross-Site Scripting via categoryId Parameter
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
CVE-2006-6776 EXPLOITDB text WRITEUP
Future Internet - SQL Injection via newsId, categoryid, or langId Parameter
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.
CVE-2008-1560 EXPLOITDB text WRITEUP
Digiappz DigiDomain 2.2 - Cross-Site Scripting via lookup_result.asp and suggest_result.asp
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
CVE-2008-1560 EXPLOITDB text WRITEUP
Digiappz DigiDomain 2.2 - Cross-Site Scripting via lookup_result.asp and suggest_result.asp
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.