Moritz Naumann

17 exploits Active since Nov 2005
CVE-2009-4032 EXPLOITDB WRITEUP
Cacti 0.8.7e - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.
EIP-2026-118261 EXPLOITDB text WRITEUP
Antville 1.1 - Cross-Site Scripting
CVE-2005-3902 EXPLOITDB text WRITEUP
Virtual Hosting Control System 2.2.0-2.4.6.2 - Cross-Site Scripting via Error Message Query String
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.
EIP-2026-112683 EXPLOITDB text WORKING POC
TikiWiki 1.9 - 'Tiki-view_forum_thread.php' Cross-Site Scripting
EIP-2026-112413 EXPLOITDB text WORKING POC
SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
CVE-2005-3849 EXPLOITDB text WORKING POC
PmWiki < 2.0.12 - Cross-Site Scripting via Search Module q Parameter
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
EIP-2026-110537 EXPLOITDB text WRITEUP
PECL Alternative PHP Cache Local 3 - HTML Injection
CVE-2007-1473 EXPLOITDB text WRITEUP
Horde Application Framework - Cross-Site Scripting via new_lang Parameter
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
CVE-2010-3077 EXPLOITDB text WRITEUP
Horde Application Framework <3.3.9 - XSS
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
CVE-2010-3695 EXPLOITDB text WORKING POC
Horde IMP < 4.3.8 & Groupware Webmail < 1.2.7 - XSS via Fetchmail fm_id Parameter
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
CVE-2009-4032 EXPLOITDB text WORKING POC
Cacti 0.8.7e - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.
CVE-2010-2543 EXPLOITDB text WRITEUP
Cacti < 0.8.7g - Cross-Site Scripting via graph_start Parameter
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
CVE-2005-3893 EXPLOITDB text WRITEUP
OTRS 1.0.0-1.3.2 & 2.0.0-2.0.3 SQL Injection via Login & Authenticated Parameters
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
CVE-2005-3893 EXPLOITDB text WRITEUP
OTRS 1.0.0-1.3.2 & 2.0.0-2.0.3 SQL Injection via Login & Authenticated Parameters
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
CVE-2005-3894 EXPLOITDB text WORKING POC
OTRS 1.0.0-1.3.2 and 2.0.0-2.0.3 - Authenticated Cross-Site Scripting via QueueID and Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
EIP-2026-100980 EXPLOITDB text WORKING POC
Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service
CVE-2006-3636 EXPLOITDB text WRITEUP
Mailman - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.