Moudi

192 exploits Active since Jan 2009
CVE-2009-2882 EXPLOITDB text WORKING POC
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-2882 EXPLOITDB text WORKING POC
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-2772 EXPLOITDB text WORKING POC
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2009-2772 EXPLOITDB text WORKING POC
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2009-4856 EXPLOITDB text WORKING POC
PHP Easy Shopping Cart 3.1R - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2009-4857 EXPLOITDB text WORKING POC
PHP Photo Vote 1.3F - Cross-Site Scripting via Login Page Parameter
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-2889 EXPLOITDB text WORKING POC
PHP Scripts Now Hangman - Cross-Site Scripting via Letters Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2009-2888 EXPLOITDB text WRITEUP
PHP Scripts Now Hangman - SQL Injection via index.php n Parameter
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2009-2890 EXPLOITDB text WRITEUP
PHP Scripts Now Riddles - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
CVE-2009-2388 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection via txtPassword Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110224 EXPLOITDB text WORKING POC
Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-2441 EXPLOITDB text WRITEUP
Online Guestbook Pro 5.1 - Cross-Site Scripting via entry Parameter
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
CVE-2009-4869 EXPLOITDB text WORKING POC
Nasim Guest Book 1.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-3512 EXPLOITDB text WORKING POC
MyWeight 1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CVE-2009-3512 EXPLOITDB text WRITEUP
MyWeight 1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CVE-2009-3512 EXPLOITDB text WORKING POC
MyWeight 1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
EIP-2026-109762 EXPLOITDB text WORKING POC
MyDLstore Pixel Ad Script - 'payment.php' Cross-Site Scripting
EIP-2026-109761 EXPLOITDB text WORKING POC
MyDLstore Meta Search Engine Script 1.0 - 'url' Remote File Inclusion
CVE-2009-3359 EXPLOITDB text WORKING POC
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
CVE-2009-3359 EXPLOITDB text WORKING POC
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
EIP-2026-109492 EXPLOITDB text WORKING POC
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-4552 EXPLOITDB text WRITEUP
Miniweb 2.0 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2009-3420 EXPLOITDB text WRITEUP
Miniweb Publisher 2.0 - Cross-Site Scripting via Begin Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
EIP-2026-109471 EXPLOITDB text WRITEUP
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
EIP-2026-109469 EXPLOITDB text WORKING POC
Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection