Moudi

192 exploits, active since Jan 2009
CVE-2009-3601 EXPLOITDB text WORKING POC
Scriptsez Ultimate Poll - Cross-Site Scripting via demo_page.php clr Parameter
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
CVE-2009-2551 EXPLOITDB text WORKING POC
ScriptsEz Easy Image Downloader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.
CVE-2009-3311 EXPLOITDB text WORKING POC
RSSMediaScript - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-2339 EXPLOITDB text WRITEUP
Rentventory - SQL Injection via Product Parameter
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-4697 EXPLOITDB text WORKING POC
RadNICS Gold 5 - Cross-Site Scripting via Order or Fid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
CVE-2009-4695 EXPLOITDB text WORKING POC
RadScripts RadLance Gold 7.5 - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2009-3530 EXPLOITDB text WORKING POC
RadScripts RadBids Gold 4 - Cross-Site Scripting via Storefront Mode Parameter
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
EIP-2026-111662 EXPLOITDB text WORKING POC
RadAFFILIATE Links - 'index.php' Cross-Site Scripting
CVE-2009-3066 EXPLOITDB text WORKING POC
Property Watch 2.0 - Cross-Site Scripting via VideoID or Redirect Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
EIP-2026-111556 EXPLOITDB text WORKING POC
Proxy List Script - 'index.php' Cross-Site Scripting
CVE-2009-4690 EXPLOITDB text WORKING POC
YourFreeWorld Programs Rating Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
CVE-2009-3513 EXPLOITDB text WRITEUP
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
EIP-2026-111126 EXPLOITDB text WORKING POC
PHPMass Real Estate - 'view_map.php' Cross-Site Scripting
CVE-2009-3208 EXPLOITDB text WRITEUP
phpfreeBB 1.0 - SQL Injection via id Parameter or year Parameter
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
CVE-2009-4681 EXPLOITDB text WORKING POC
phpDirectorySource 1.x - Cross-Site Scripting via search.php st Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2009-2891 EXPLOITDB text WRITEUP
PHP Scripts Now Riddles - SQL Injection via list.php catid Parameter
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-3493 EXPLOITDB text WORKING POC
Zenas PaoBacheca Guestbook 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
CVE-2009-3320 EXPLOITDB text WORKING POC
Zenas PaoLink 1.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-2882 EXPLOITDB text WORKING POC
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.