Moudi

192 exploits. Active since Jan 2009.
CVE-2009-4694 EXPLOITDB WORKING POC
RadScripts RadLance Gold 7.5 - Cross-Site Scripting via fid Parameter
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2423 EXPLOITDB WORKING POC
Ebay Clone 2009 - SQL Injection via cate_id Parameter
SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.
CVE-2009-4984 EXPLOITDB text WORKING POC
Accessories Me PHP Affiliate Script 1.4 - Cross-Site Scripting via Keywords or SearchIndex Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.
CVE-2009-4973 EXPLOITDB text WORKING POC
TotalCalendar 2.4 - SQL Injection via rss.php selectedCal Parameter
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
CVE-2009-4551 EXPLOITDB text WRITEUP
Miniweb 2.0 - SQL Injection via Survey Pro Campaign ID Parameter
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
CVE-2009-4543 EXPLOITDB text WORKING POC
Cromosoft Technologies Facil Helpdesk 2.3 Lite - RCE
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-4541 EXPLOITDB text WORKING POC
IsolSoft Support Center 2.5 - Remote Code Execution via Lang Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-4477 EXPLOITDB text WRITEUP
Xstate Real Estate 1.0 - SQL Injection
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-3419 EXPLOITDB text WRITEUP
Miniweb Publisher Module 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
CVE-2009-2340 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection via txtUserName Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0828 EXPLOITDB text WRITEUP
QuoteBook - Unauthenticated Sensitive Information Exposure via Direct Request to quotes.inc
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
CVE-2009-4729 EXPLOITDB text WORKING POC
x10media adult_script 1.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
CVE-2009-4713 EXPLOITDB text WRITEUP
XOOPS Celepar Qas Module - Stored Cross-Site Scripting via cod_categoria and opcao Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
CVE-2009-4700 EXPLOITDB text WRITEUP
SkaDate Online Dating Software - Path Traversal via Layout Parameter
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
CVE-2009-4699 EXPLOITDB text WRITEUP
SkaDate Dating - Cross-Site Scripting via PATH_INFO to admin/auth.php and file_uploader.php
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
CVE-2009-4696 EXPLOITDB text WORKING POC
RadNICS Gold 5 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2009-4692 EXPLOITDB text WORKING POC
RadScripts RadLance Gold 7.5 - Cross-Site Scripting via index.php pr Parameter
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
CVE-2009-4682 EXPLOITDB text WORKING POC
Good/Bad Vote - Cross-Site Scripting via Vote ID Parameter
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
CVE-2009-4680 EXPLOITDB text WORKING POC
phpDirectorySource 1.x - SQL Injection
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2009-3529 EXPLOITDB text WORKING POC
RadScripts RadBids Gold 4 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
CVE-2009-3154 EXPLOITDB text WORKING POC
Almond Classifieds (com_aclassf) 7.5 - SQL Injection via replid Parameter
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-2777 EXPLOITDB text WORKING POC
GarageSales Script - SQL Injection via visitor/view.php key Parameter
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-3539 EXPLOITDB text WORKING POC
YourFreeWorld Ultra Classifieds Pro - Cross-Site Scripting via cname or sn Parameter
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
CVE-2009-3153 EXPLOITDB text WRITEUP
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.