Mike Manzotti

7 exploits, active since Aug 2014
CVE-2014-5193 EXPLOITDB text WORKING POC
Sphider 1.3.6 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
CVE-2014-5192 EXPLOITDB text WORKING POC
Sphider 1.3.6 - SQL Injection via Admin Filter Parameter
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
CVE-2014-5082 EXPLOITDB text WORKING POC
Sphider < 1.3.6 - SQL Injection via site_id or url Parameter
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
CVE-2014-5275 EXPLOITDB text WORKING POC
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated SQL Injection via Password, Email, or ID Parameter
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
EIP-2026-114192 EXPLOITDB text WORKING POC
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2014-5194 EXPLOITDB text WORKING POC
Sphider 1.3.6 - Authenticated PHP Code Injection via _word_upper_bound Parameter
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
CVE-2014-5276 EXPLOITDB text WORKING POC
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated Cross-Site Scripting via Profile Picture Upload or Edit Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.