Moudi

192 exploits Active since Jan 2009
CVE-2009-4547 EXPLOITDB text WORKING POC
ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
CVE-2009-3186 EXPLOITDB text WORKING POC
VideoGirls BiZ - Cross-Site Scripting via Forum, Profile, and View Parameters
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
CVE-2009-4548 EXPLOITDB text WORKING POC
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
CVE-2009-4548 EXPLOITDB text WORKING POC
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
CVE-2009-4717 EXPLOITDB text WORKING POC
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
CVE-2009-3186 EXPLOITDB text WORKING POC
VideoGirls BiZ - Cross-Site Scripting via Forum, Profile, and View Parameters
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
EIP-2026-112811 EXPLOITDB text WORKING POC
TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting
CVE-2009-3202 EXPLOITDB text WORKING POC
uloki_php_forum 2.1 - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.
EIP-2026-112809 EXPLOITDB text WORKING POC
Tukanas Classifieds 1.0 - 'index.php' SQL Injection
CVE-2009-2428 EXPLOITDB text WORKING POC
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
CVE-2009-4750 EXPLOITDB text WRITEUP
Top Paidmailer - Remote Code Execution via home.php page Parameter
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-4858 EXPLOITDB text WORKING POC
Yahoo Answers Clone - Cross-Site Scripting via questionid Parameter
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
CVE-2009-4974 EXPLOITDB text WORKING POC
TotalCalendar 2.4 - Path Traversal via Box Parameter
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
CVE-2009-2428 EXPLOITDB text WRITEUP
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
EIP-2026-112816 EXPLOITDB text WORKING POC
TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting
EIP-2026-112498 EXPLOITDB text WORKING POC
SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting
CVE-2009-4752 EXPLOITDB text WRITEUP
Swinger Club Portal - Remote Code Execution via Anzeiger Start PHP Go Parameter
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.
CVE-2009-4751 EXPLOITDB text WRITEUP
Swinger Club Portal - Anzeiger <start.php - SQL Injection
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
CVE-2009-3187 EXPLOITDB text WORKING POC
Standalonearcade Saa - XSS
Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2009-4739 EXPLOITDB text WRITEUP
SkaDate Dating - Remote Code Execution via Language ID Parameter
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
EIP-2026-112204 EXPLOITDB text WORKING POC
SkaLinks 1.5 - 'cat' Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-2551 EXPLOITDB text WORKING POC
ScriptsEz Easy Image Downloader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.
CVE-2009-3601 EXPLOITDB text WORKING POC
Scriptsez Ultimate Poll - Cross-Site Scripting via demo_page.php clr Parameter
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
CVE-2009-4983 EXPLOITDB text WORKING POC
Silurus Classifieds 1.0 - Cross-Site Scripting via ID and Keywords Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.
CVE-2009-3311 EXPLOITDB text WORKING POC
RSSMediaScript - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.