Megasky

6 exploits Active since Dec 2004
CVE-2004-2181 EXPLOITDB text WRITEUP
WowBB Forum 1.61 - SQL Injection via view_user.php Parameters
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2005-1619 EXPLOITDB text WORKING POC
PHPMyChat 0.14.5 - Cross-Site Scripting via FontName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.
CVE-2005-1619 EXPLOITDB text WORKING POC
PHPMyChat 0.14.5 - Cross-Site Scripting via FontName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.
CVE-2005-1613 EXPLOITDB text WORKING POC
OpenBB 1.0.8 - Cross-Site Scripting via Reverse Parameter in Member List Action
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
CVE-2005-1612 EXPLOITDB text WRITEUP
OpenBB 1.0.8 - SQL Injection via TID Parameter
SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter.
CVE-2004-2021 EXPLOITDB text WORKING POC
osCommerce 2.2 - Directory Traversal via File Manager Filename Parameter
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.