Lostmon

188 exploits, active since Dec 2004
CVE-2005-4880 EXPLOITDB text WRITEUP
Jax Guestbook 3.1-3.31 - Info Disclosure
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
EIP-2026-108062 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - jnl_records User Database Disclosure
EIP-2026-108061 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - ips2block Banned IP Disclosure
EIP-2026-108060 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - formmailer.log User Sent Mail Disclosure
EIP-2026-108059 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'sign_in.php?language' Cross-Site Scripting
EIP-2026-108058 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'shrimp_petition.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-108057 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php?language' Cross-Site Scripting
CVE-2008-6562 EXPLOITDB text WRITEUP
JAX Scripts Jax Linklists - XSS
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-108053 EXPLOITDB text WRITEUP
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'archive.php?language' Cross-Site Scripting
EIP-2026-108056 EXPLOITDB text WORKING POC
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-108055 EXPLOITDB text WORKING POC
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_calendar.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-4092 EXPLOITDB text WORKING POC
iFoto <1.0.1 - Path Traversal
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.
CVE-2005-3334 EXPLOITDB text WRITEUP
Flyspray - XSS
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
CVE-2005-4627 EXPLOITDB text WORKING POC
GmailSite/GFHost <1.0.4/<0.4.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
CVE-2004-2245 EXPLOITDB text WORKING POC
Goollery 0.03 - XSS
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
CVE-2004-2246 EXPLOITDB text WRITEUP
Goollery <0.04b - XSS
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
CVE-2005-1715 EXPLOITDB text WORKING POC
EJ3 Topo - XSS
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.
CVE-2007-6380 EXPLOITDB text WORKING POC
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.