Moudi

192 exploits Active since Jan 2009
CVE-2009-4694 EXPLOITDB WORKING POC
RadScripts RadLance Gold 7.5 - XSS
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2423 EXPLOITDB WORKING POC
Ebay Clone 2009 - SQL Injection
SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.
CVE-2009-4984 EXPLOITDB text WORKING POC
Websitesrus Accessories ME Php Affiliate Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.
CVE-2009-4973 EXPLOITDB text WORKING POC
Sweetphp Totalcalendar - SQL Injection
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
CVE-2009-4551 EXPLOITDB text WRITEUP
Miniweb 2.0 - SQL Injection
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
CVE-2009-4543 EXPLOITDB text WORKING POC
Cromosoft Technologies Facil Helpdesk 2.3 Lite - RCE
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-4541 EXPLOITDB text WORKING POC
IsolSoft Support Center 2.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-4477 EXPLOITDB text WRITEUP
Xstate Real Estate 1.0 - SQL Injection
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-3419 EXPLOITDB text WRITEUP
Intesync Miniweb - SQL Injection
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
CVE-2009-2340 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0828 EXPLOITDB text WRITEUP
QuoteBook - Info Disclosure
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
CVE-2009-4729 EXPLOITDB text WORKING POC
x10 Adult Media Script 1.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
CVE-2009-4713 EXPLOITDB text WRITEUP
Qas module for XOOPS Celepar - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
CVE-2009-4700 EXPLOITDB text WRITEUP
SkaDate Dating - Path Traversal
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
CVE-2009-4699 EXPLOITDB text WRITEUP
SkaDate Dating - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
CVE-2009-4696 EXPLOITDB text WORKING POC
RadNICS Gold 5 - SQL Injection
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2009-4692 EXPLOITDB text WORKING POC
RadScripts RadLance Gold 7.5 - XSS
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
CVE-2009-4682 EXPLOITDB text WORKING POC
Good/Bad Vote - XSS
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
CVE-2009-4680 EXPLOITDB text WORKING POC
phpDirectorySource 1.x - SQL Injection
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2009-3529 EXPLOITDB text WORKING POC
Radscripts Radbids - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
CVE-2009-3154 EXPLOITDB text WORKING POC
Almondsoft Com Aclassf - SQL Injection
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-2777 EXPLOITDB text WORKING POC
GarageSales Script - SQL Injection
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-3539 EXPLOITDB text WORKING POC
Yourfreeworld Ultra Classifieds Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
CVE-2009-3539 EXPLOITDB text WORKING POC
Yourfreeworld Ultra Classifieds Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
CVE-2009-3153 EXPLOITDB text WRITEUP
X10media Mp3 Search Engine - XSS
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.