MaXe

25 exploits, active since Jun 2009
CVE-2009-2133 EXPLOITDB text WRITEUP
Pivot 1.40.4-1.40.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
CVE-2009-2138 EXPLOITDB text WRITEUP
TBDev.NET 01-01-08 - Open Redirect
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
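The returnto flaw above is the classic open-redirect shape: a query parameter is passed straight to a Location header, so any absolute URL (including a data: URI, which turns the redirect into XSS) is honoured. The following is an added example, not TBDev.NET's code, of a validator that only accepts same-site absolute paths. The function name, fallback path and sample values are assumptions made for this illustration.

```python
"""Added example for the TBDev.NET returnto open-redirect entry above.
Not code from TBDev.NET: it shows one way to validate a returnto value so
that only same-site paths are accepted. The function name, fallback and
sample values are constructed for this illustration.
"""
from urllib.parse import urlsplit, urlunsplit

SAFE_FALLBACK = "/index.php"   # assumed landing page


def safe_return_to(value: str) -> str:
    """Return a redirect target that stays on this site, or the fallback."""
    if not value:
        return SAFE_FALLBACK
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:") and
    # leading whitespace, so remove control characters before parsing.
    candidate = "".join(ch for ch in value if ord(ch) >= 0x20 and ch != "\x7f").strip()
    parts = urlsplit(candidate)
    # Any scheme (http:, data:, javascript:) or host (//evil.example)
    # means the value is not a local path.
    if parts.scheme or parts.netloc:
        return SAFE_FALLBACK
    # Require an absolute path that is not protocol-relative (//...), and
    # reject backslashes, which some browsers treat as forward slashes.
    if (not parts.path.startswith("/") or parts.path.startswith("//")
            or "\\" in candidate):
        return SAFE_FALLBACK
    # Rebuild from the parsed components so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

Rebuilding the target from the parsed components (rather than echoing the input) matters: urlsplit strips an empty authority from "///evil.example", which a browser would otherwise resolve as http://evil.example/, and the rebuilt value is a plain local path.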
CVE-2011-4106 EXPLOITDB text WORKING POC
TimThumb <2.0 - RCE
TimThumb (timthumb.php) before 2.0 does not validate the entire source URL against the domain white list (the white-listed domain only has to appear somewhere in the src value, not be its host name), which allows remote attackers to upload and execute arbitrary PHP code via a src parameter whose URL contains a white-listed domain name, then requesting the fetched file directly from the cache directory, as exploited in the wild in August 2011.
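The whole class of bug above comes down to comparing an allow-list against the wrong thing. The block below is an added example, not TimThumb's code: it puts a substring match over the raw src URL (the flawed check, as commonly implemented) next to a comparison against the parsed host name. The allow-list entries and URLs are constructed for the example.

```python
"""Added example for the TimThumb entry above; not TimThumb's own code.
Contrasts an allow-list matched as a substring of the src URL (the flaw
the advisory describes, as commonly implemented) with a check of the
parsed host name. The allow-list and URLs are constructed for this example.
"""
from urllib.parse import urlsplit

ALLOWED_DOMAINS = ("blogger.com", "wordpress.com", "img.youtube.com")


def allowed_by_substring(src: str) -> bool:
    """Flawed: passes if an allowed domain appears anywhere in the URL."""
    return any(domain in src.lower() for domain in ALLOWED_DOMAINS)


def allowed_by_host(src: str) -> bool:
    """Fixed: parse the URL and compare its host (or a subdomain) exactly."""
    parts = urlsplit(src)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()   # .hostname drops userinfo and port
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)
```

Three bypasses of the substring form are the allowed name as a subdomain of the attacker's host (blogger.com.evil.example), as a path segment, and as userinfo before an @; the host-name form rejects all three. Note that this only fixes the fetch decision: a fetched file written into a web-served cache directory still has to be stored under a name and extension the server will not execute, and checked to actually decode as an image.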
EIP-2026-112978 EXPLOITDB text WORKING POC
vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities
EIP-2026-112976 EXPLOITDB html WORKING POC
vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112977 EXPLOITDB text WRITEUP
vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks
EIP-2026-113001 EXPLOITDB text WRITEUP
vBulletin 4.0.8 PL1 - Cross-Site Scripting Filter Bypass within Profile Customization
EIP-2026-113000 EXPLOITDB text WRITEUP
vBulletin 4.0.8 - Persistent Cross-Site Scripting via Profile Customization
CVE-2009-2145 EXPLOITDB text WRITEUP
transLucid 1.75 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
CVE-2011-4614 EXPLOITDB text WRITEUP
TYPO3 4.5.x < 4.5.9 / 4.6.x < 4.6.2 - Remote File Inclusion (BACK_PATH)
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
CVE-2009-2141 EXPLOITDB text WRITEUP
TBDev.NET 01-01-08 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
CVE-2009-2116 EXPLOITDB text WRITEUP
SkyBlueCanvas 1.1 r237 - Path Traversal
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.
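The dir-parameter traversal above is the usual result of joining a user-supplied path onto a base directory and listing whatever that resolves to. Below is an added example, not SkyBlueCanvas code, of confining such a value to its base directory by resolving the real path and checking it stays inside; the directory tree it builds under a temporary directory and the sample dir values are constructed for the example.

```python
"""Added example for the SkyBlueCanvas dir-parameter traversal entry above;
not the project's code. Shows how a directory-listing handler can confine a
user-supplied dir value to a base directory. The tree and inputs in demo()
are constructed under a temporary directory for this example.
"""
import os
import shutil
import tempfile


def list_dir_confined(base: str, user_dir: str) -> list:
    """Return entries of base/user_dir, or raise ValueError if it escapes base."""
    base_real = os.path.realpath(base)
    # Drop a leading slash so an absolute value cannot replace the base;
    # realpath then collapses ../ segments and resolves symlinks.
    target = os.path.realpath(os.path.join(base_real, user_dir.lstrip("/\\")))
    # commonpath, not startswith(): "/srv/www" is a string prefix of "/srv/www2".
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"dir value escapes the base directory: {user_dir!r}")
    return sorted(os.listdir(target))


def demo() -> dict:
    """Build a small tree and exercise the check; returns outcomes by input."""
    root = tempfile.mkdtemp()
    try:
        base = os.path.join(root, "site", "uploads")
        os.makedirs(os.path.join(base, "images"))
        open(os.path.join(base, "images", "logo.png"), "w").close()
        # A file one level above the base that a listing must never reveal.
        open(os.path.join(root, "site", "config.php"), "w").close()
        results = {}
        for value in ("", "images", "/images", "../", "images/../../"):
            try:
                results[value] = list_dir_confined(base, value)
            except ValueError:
                results[value] = "blocked"
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Because the check runs on the resolved path rather than on the raw string, encoded or nested variants such as images/../../ and symlinks pointing outside the base are caught the same way as a bare "..".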
CVE-2009-2114 EXPLOITDB text WORKING POC
SkyBlueCanvas 1.1 r237 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.
EIP-2026-111988 EXPLOITDB text WORKING POC
Seo Panel 2.1.0 - Critical File Disclosure
CVE-2009-2134 EXPLOITDB text WRITEUP
Pivot 1.40.4-1.40.7 - Info Disclosure (Path Disclosure)
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
EIP-2026-109189 EXPLOITDB text WORKING POC
LiveZilla 3.1.8.3 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-4450 EXPLOITDB text WORKING POC
LiveZilla 3.1.8.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.
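Most entries on this page (Pivot, transLucid, TBDev.NET, SkyBlueCanvas and the LiveZilla map parameters above) are reflected XSS of the same shape: a query value lands in a template without validation or context-aware encoding. The block below is an added example, not code from any of those projects, using the lat/lng/zom parameters as its shape: the first function reflects the raw values into a script call and an attribute, the second validates them as numbers and encodes for each output context. Template and sample values are constructed for the example.

```python
"""Added example for the reflected-XSS entries on this page, shaped after the
LiveZilla lat/lng/zom parameters; not code from LiveZilla or the other
projects listed. Template, defaults and sample values are constructed here.
"""
import html
import json
import re

# Decimal degrees or a zoom level: up to three integer digits, optional fraction.
_NUMBER = re.compile(r"-?\d{1,3}(\.\d{1,6})?")
DEFAULT_LAT, DEFAULT_LNG, DEFAULT_ZOOM = "0", "0", "2"   # assumed fallbacks


def vulnerable_map_page(lat: str, lng: str, zom: str) -> str:
    """Reflects the raw query values into attribute and script contexts."""
    return (f'<div id="map" data-zoom="{zom}"></div>\n'
            f"<script>showMap({lat}, {lng}, {zom});</script>")


def safe_map_page(lat: str, lng: str, zom: str) -> str:
    """Validate strictly, then encode for the JS and HTML-attribute contexts."""
    values = []
    for raw, default in ((lat, DEFAULT_LAT), (lng, DEFAULT_LNG), (zom, DEFAULT_ZOOM)):
        values.append(raw if _NUMBER.fullmatch(raw) else default)   # fail closed
    lat_n, lng_n = float(values[0]), float(values[1])
    zoom_n = int(float(values[2]))
    # json.dumps of a number never yields quotes, <, > or a </script> closer,
    # so it is safe inside the script block; html.escape(quote=True) covers
    # the attribute context (a no-op for digits, kept so the pattern is explicit).
    zoom_attr = html.escape(str(zoom_n), quote=True)
    return (f'<div id="map" data-zoom="{zoom_attr}"></div>\n'
            f"<script>showMap({json.dumps(lat_n)}, {json.dumps(lng_n)}, "
            f"{json.dumps(zoom_n)});</script>")
```

Validation does the heavy lifting here because the values have a known numeric type; for free-text fields such as the Info or Avatar fields in the TBDev.NET entry, the same two-step pattern applies but the encoding step (html.escape for element and attribute text, json.dumps for script literals) is what prevents the injection.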
EIP-2026-106590 EXPLOITDB text WRITEUP
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
EIP-2026-104908 EXPLOITDB text WORKING POC
Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-102488 EXPLOITDB text WORKING POC
Jira 4.0.1 - Cross-Site Scripting / Information Disclosure
EIP-2026-100061 EXPLOITDB text WORKING POC
Australian Education App - Remote Code Execution
EIP-2026-100072 EXPLOITDB text WORKING POC
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
EIP-2026-100070 EXPLOITDB text WORKING POC
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
EIP-2026-100064 EXPLOITDB text WORKING POC
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
EIP-2026-100063 EXPLOITDB text WORKING POC
BestSafe Browser - Man In The Middle Remote Code Execution