Moudi

192 exploits. Active since Jan 2009.
CVE-2009-3601 EXPLOITDB text WORKING POC
Scriptsez Ultimate Poll - XSS
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
CVE-2009-2551 EXPLOITDB text WORKING POC
ScriptsEz Easy Image Downloader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.
CVE-2009-3311 EXPLOITDB text WORKING POC
Rssmediascript - XSS
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-2339 EXPLOITDB text WRITEUP
Rentventory - SQL Injection
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-4697 EXPLOITDB text WORKING POC
RadNICS Gold 5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
CVE-2009-4695 EXPLOITDB text WORKING POC
RadScripts RadLance Gold 7.5 - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2009-3530 EXPLOITDB text WORKING POC
Radscripts Radbids - XSS
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
EIP-2026-111662 EXPLOITDB text WORKING POC
RadAFFILIATE Links - 'index.php' Cross-Site Scripting
CVE-2009-3066 EXPLOITDB text WORKING POC
Propertywatchscript Property Watch - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
EIP-2026-111556 EXPLOITDB text WORKING POC
Proxy List Script - 'index.php' Cross-Site Scripting
CVE-2009-4690 EXPLOITDB text WORKING POC
YourFreeWorld Programs Rating Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
CVE-2009-3513 EXPLOITDB text WRITEUP
Pilotgroup PG Etraining - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
EIP-2026-111126 EXPLOITDB text WORKING POC
PHPMass Real Estate - 'view_map.php' Cross-Site Scripting
CVE-2009-3208 EXPLOITDB text WRITEUP
Prakashatma Mishra Phpfreebb - SQL Injection
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
CVE-2009-4681 EXPLOITDB text WORKING POC
phpDirectorySource 1.x - XSS
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2009-2891 EXPLOITDB text WRITEUP
Phpscriptsnow Riddles - SQL Injection
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-3493 EXPLOITDB text WORKING POC
Zenas Paobacheca Guestbook - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
CVE-2009-3320 EXPLOITDB text WORKING POC
Zenas Paolink - XSS
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-2882 EXPLOITDB text WORKING POC
Datingpro Matchmaking - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.