Lorenzo Hernandez Garcia-Hierro

20 exploits Active since Oct 2003
EIP-2026-112376 EXPLOITDB text WORKING POC
Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification
EIP-2026-112377 EXPLOITDB text WORKING POC
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
CVE-2003-0736 EXPLOITDB text WORKING POC
phpWebSite <0.9.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
CVE-2003-0736 EXPLOITDB text WORKING POC
phpWebSite <0.9.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
CVE-2003-0736 EXPLOITDB text WORKING POC
phpWebSite <0.9.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
CVE-2003-0736 EXPLOITDB text WORKING POC
phpWebSite <0.9.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
EIP-2026-111370 EXPLOITDB text WRITEUP
pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures
EIP-2026-111371 EXPLOITDB text WRITEUP
pMachine 1.0/2.x - Multiple Script 'sfx' Full Path Disclosures
EIP-2026-111372 EXPLOITDB text WRITEUP
pMachine 1.0/2.x - Search Module Cross-Site Scripting
CVE-2004-1957 EXPLOITDB text WRITEUP
PostNuke 0.726 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
EIP-2026-111424 EXPLOITDB text WRITEUP
PostNuke 0.6/0.7 web_links Module - TTitle Cross-Site Scripting
CVE-2003-0735 EXPLOITDB text WRITEUP
phpWebSite <0.9 - SQL Injection
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
EIP-2026-110367 EXPLOITDB text WRITEUP
osCommerce 2.2 - Authentication Bypass
EIP-2026-109234 EXPLOITDB text WORKING POC
Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting
EIP-2026-107365 EXPLOITDB text WORKING POC
Geeklog 1.3.x - SQL Injection
EIP-2026-107363 EXPLOITDB text WRITEUP
Geeklog 1.3.x - Cross-Site Scripting
EIP-2026-104641 EXPLOITDB text WRITEUP
osCommerce 2.2 - 'product_info.php' Denial of Service
EIP-2026-102373 EXPLOITDB text WORKING POC
H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting
EIP-2026-100903 EXPLOITDB text WORKING POC
Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - 'Message.cgi' Cross-Site Scripting
EIP-2026-100701 EXPLOITDB text WRITEUP
Macromedia ColdFusion MX 6.0 - SQL Error Message Cross-Site Scripting