Moudi

192 exploits Active since Jan 2009
CVE-2009-2882 EXPLOITDB text WORKING POC
Datingpro Matchmaking - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-2882 EXPLOITDB text WORKING POC
Datingpro Matchmaking - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-2772 EXPLOITDB text WORKING POC
PG Roommate Finder Solution - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2009-2772 EXPLOITDB text WORKING POC
PG Roommate Finder Solution - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2009-4856 EXPLOITDB text WORKING POC
Ecomstudio Php Easy Shopping Cart - XSS
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2009-4857 EXPLOITDB text WORKING POC
Ecomstudio Php Photo Vote1.3f - XSS
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-2889 EXPLOITDB text WORKING POC
Phpscriptsnow Hangman - XSS
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2009-2888 EXPLOITDB text WRITEUP
Phpscriptsnow Hangman - SQL Injection
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2009-2890 EXPLOITDB text WRITEUP
Phpscriptsnow Riddles - XSS
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
CVE-2009-2388 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110224 EXPLOITDB text WORKING POC
Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-2441 EXPLOITDB text WRITEUP
Online Guestbook Pro 5.1 - XSS
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
CVE-2009-4869 EXPLOITDB text WORKING POC
Hitronsoft Nasim Guest Book - XSS
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-3512 EXPLOITDB text WORKING POC
Phplemon Myweight - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CVE-2009-3512 EXPLOITDB text WRITEUP
Phplemon Myweight - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CVE-2009-3512 EXPLOITDB text WORKING POC
Phplemon Myweight - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
EIP-2026-109762 EXPLOITDB text WORKING POC
MyDLstore Pixel Ad Script - 'payment.php' Cross-Site Scripting
EIP-2026-109761 EXPLOITDB text WORKING POC
MyDLstore Meta Search Engine Script 1.0 - 'url' Remote File Inclusion
CVE-2009-3359 EXPLOITDB text WORKING POC
Datetopia Match Agency Biz - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
CVE-2009-3359 EXPLOITDB text WORKING POC
Datetopia Match Agency Biz - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
EIP-2026-109492 EXPLOITDB text WORKING POC
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-4552 EXPLOITDB text WRITEUP
Miniweb 2.0 - XSS
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2009-3420 EXPLOITDB text WRITEUP
Intesync Miniweb - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
EIP-2026-109471 EXPLOITDB text WRITEUP
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
EIP-2026-109469 EXPLOITDB text WORKING POC
Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection