Linux_Drox

25 exploits, active since Nov 2005
CVE-2006-1230 EXPLOITDB text WORKING POC
vCard 2.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
EIP-2026-112900 EXPLOITDB text WRITEUP
Unique Ads - 'Banner.php' SQL Injection
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1659 EXPLOITDB text WRITEUP
Softbiz Image Gallery - SQL Injection
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1420 EXPLOITDB text WORKING POC
SaphpLesson 2.0 - SQL Injection
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
CVE-2005-3584 EXPLOITDB text WORKING POC
Phpwebthings - XSS
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
CVE-2006-1349 EXPLOITDB text WORKING POC
Musicbox 2.3 Beta 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2005-4500 EXPLOITDB text WRITEUP
MusicBox 2.3 - SQL Injection
SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.
CVE-2006-1349 EXPLOITDB text WRITEUP
Musicbox 2.3 Beta 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2006-6734 EXPLOITDB text WRITEUP
Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c - XSS
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
EIP-2026-106444 EXPLOITDB text WORKING POC
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-0939 EXPLOITDB text WRITEUP
Dci-designs Dci-taskeen - SQL Injection
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2006-0939 EXPLOITDB text WRITEUP
Dci-designs Dci-taskeen - SQL Injection
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2008-1499 EXPLOITDB text WRITEUP
cPanel <11.18.3, 11.21.0-BETA - XSS
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-7142 EXPLOITDB text WORKING POC
Cpanel - Path Traversal
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVE-2006-1556 EXPLOITDB text WORKING POC
AL-Caricatier 2.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
EIP-2026-104814 EXPLOITDB text WORKING POC
212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting
EIP-2026-104813 EXPLOITDB text WRITEUP
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-6777 EXPLOITDB text WRITEUP
Future Internet - XSS
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
CVE-2006-6776 EXPLOITDB text WRITEUP
Future Internet - SQL Injection
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.
CVE-2008-1560 EXPLOITDB text WRITEUP
Digiappz DigiDomain 2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
CVE-2008-1560 EXPLOITDB text WRITEUP
Digiappz DigiDomain 2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.