Lostmon - Security Researcher - Exploit Intelligence Platform

CVE-2005-4880 EXPLOITDB text WRITEUP

Jax Guestbook 3.1-3.31 - Info Disclosure

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

View Code

EIP-2026-108062 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - jnl_records User Database Disclosure

View Code

CVE-2005-4880 EXPLOITDB text WRITEUP

Jax Guestbook 3.1-3.31 - Info Disclosure

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

View Code

EIP-2026-108061 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - ips2block Banned IP Disclosure

View Code

CVE-2005-4880 EXPLOITDB text WRITEUP

Jax Guestbook 3.1-3.31 - Info Disclosure

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

View Code

CVE-2005-4880 EXPLOITDB text WRITEUP

Jax Guestbook 3.1-3.31 - Info Disclosure

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

View Code

EIP-2026-108060 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - formmailer.log User Sent Mail Disclosure

View Code

EIP-2026-108059 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'sign_in.php?language' Cross-Site Scripting

View Code

EIP-2026-108058 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'shrimp_petition.php' Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-108057 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php?language' Cross-Site Scripting

View Code

CVE-2008-6562 EXPLOITDB text WRITEUP

Jax LinkLists 1.00 - Cross-Site Scripting via cat Parameter

Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

EIP-2026-108053 EXPLOITDB text WRITEUP

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'archive.php?language' Cross-Site Scripting

View Code

EIP-2026-108056 EXPLOITDB text WORKING POC

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_guestbook.php' Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-108055 EXPLOITDB text WORKING POC

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_calendar.php' Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2007-4092 EXPLOITDB text WORKING POC

ifoto < 1.0.1 - Directory Traversal via Dir Parameter

Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.

View Code

CVE-2005-3334 EXPLOITDB text WRITEUP

Flyspray 0.9.7-0.9.8 - Cross-Site Scripting via Multiple Parameters

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.

View Code

CVE-2005-4627 EXPLOITDB text WORKING POC

GmailSite/GFHost <1.0.4/<0.4.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

View Code

CVE-2004-2245 EXPLOITDB text WORKING POC

Goollery 0.03 - Cross-Site Scripting via Page Parameter

Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.

View Code

CVE-2004-2246 EXPLOITDB text WRITEUP

Goollery - Cross-Site Scripting via Conversation ID Parameter

Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.

View Code

CVE-2005-1715 EXPLOITDB text WORKING POC

TOPo 2.2 - Cross-Site Scripting via Multiple Parameters

Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.

View Code

CVE-2007-6380 EXPLOITDB text WORKING POC