Mike Manzotti - Security Researcher - Exploit Intelligence Platform

CVE-2014-5193 EXPLOITDB text WORKING POC

Sphider - XSS

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.

View Code

CVE-2014-5192 EXPLOITDB text WORKING POC

Sphider - SQL Injection

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

View Code

CVE-2014-5082 EXPLOITDB text WORKING POC

Sphider < 1.3.6 - SQL Injection

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

View Code

CVE-2014-5275 EXPLOITDB text WORKING POC

Prochatrooms Text Chat Rooms - SQL Injection

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.

View Code

EIP-2026-114192 EXPLOITDB text WORKING POC

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2014-5194 EXPLOITDB text WORKING POC

Sphider - Code Injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

View Code

CVE-2014-5276 EXPLOITDB text WORKING POC

PRO Chat Rooms Text Chat Rooms - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.

View Code