Lostmon

188 exploits Active since Dec 2004
CVE-2007-3594 EXPLOITDB text WORKING POC
AdventNet ManageEngine OpManager 6-7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
CVE-2007-3594 EXPLOITDB text WORKING POC
AdventNet ManageEngine OpManager 6-7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
EIP-2026-100732 EXPLOITDB text WORKING POC
@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-1329 EXPLOITDB text WRITEUP
OneWorldStore owOfflineCC.asp - Information Disclosure via idOrder Parameter
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.
EIP-2026-100575 EXPLOITDB text WRITEUP
Spread The Word - Multiple SQL Injections
EIP-2026-100466 EXPLOITDB text WRITEUP
OneWorldStore - 'DisplayResults.asp' SQL Injection
EIP-2026-100465 EXPLOITDB text WORKING POC
OneWorldStore - 'DisplayResults.asp' Cross-Site Scripting
EIP-2026-100574 EXPLOITDB text WORKING POC
Spread The Word - Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-2588 EXPLOITDB text WRITEUP
DVBBS 7.1 SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-2588 EXPLOITDB text WRITEUP
DVBBS 7.1 SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-2588 EXPLOITDB text WRITEUP
DVBBS 7.1 SP2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-3285 EXPLOITDB text WRITEUP
Comersus BackOffice Plus - Cross-Site Scripting via forwardTo1, forwardTo2, nameFT1, or nameFT2 Parameters
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
CVE-2005-1188 EXPLOITDB text WORKING POC
Comersus Cart 3.90-4.51 - Cross-Site Scripting via curPage Parameter
Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.