Luny

32 exploits Active since May 2006
CVE-2006-3061 EXPLOITDB text WORKING POC
five_star_review_script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
EIP-2026-106362 EXPLOITDB text WORKING POC
Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106283 EXPLOITDB text WORKING POC
Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities
CVE-2006-3052 EXPLOITDB text WORKING POC
Event Registration - Cross-Site Scripting via Event ID or Select Events Parameter
Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2680 EXPLOITDB text WORKING POC
AZ Photo Album Script Pro - Cross-Site Scripting via gazpart Parameter
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
CVE-2006-2986 EXPLOITDB text WRITEUP
Baby Katie Media vSCAL/vsREAL 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.
CVE-2006-2986 EXPLOITDB text WRITEUP
Baby Katie Media vSCAL/vsREAL 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.