Moudi

192 exploits Active since Jan 2009
EIP-2026-109430 EXPLOITDB text WORKING POC
Meta Search Engine Script - 'url' Local File Disclosure
CVE-2009-3647 EXPLOITDB text WORKING POC
YABSoft Mega File Hosting Script 1.2 - Cross-Site Scripting via emaullinks.php moudi Parameter
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109348 EXPLOITDB text WORKING POC
Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting
CVE-2009-3155 EXPLOITDB text WORKING POC
Almond Classifieds (com_aclassf) 7.5 - Cross-Site Scripting via addr Parameter
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
EIP-2026-108493 EXPLOITDB text WORKING POC
Joomla! Component com_pressrelease - 'id' SQL Injection
EIP-2026-108440 EXPLOITDB text WORKING POC
Joomla! Component com_mediaalert - 'id' SQL Injection
EIP-2026-108200 EXPLOITDB text WORKING POC
Joomla! Component Almond Classifieds 7.5 - Cross-Site Scripting / SQL Injection
CVE-2009-2588 EXPLOITDB text WRITEUP
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
CVE-2009-2427 EXPLOITDB text WRITEUP
Jobbr 2.2.7 - SQL Injection via emp_id Parameter
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.
EIP-2026-108097 EXPLOITDB text WORKING POC
JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting
CVE-2009-2440 EXPLOITDB text WORKING POC
JNM Guestbook 3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-3194 EXPLOITDB text WORKING POC
JCE-Tech SearchFeed Script - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3196 EXPLOITDB text WORKING POC
php_video_script - Cross-Site Scripting via Key Parameter
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2009-4542 EXPLOITDB text WORKING POC
IsolSoft Support Center 2.5 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2009-2588 EXPLOITDB text WORKING POC
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
CVE-2009-2588 EXPLOITDB text WORKING POC
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
CVE-2009-3593 EXPLOITDB text WORKING POC
Freelancers 1.0 - Cross-Site Scripting via id or jobid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.
CVE-2009-3222 EXPLOITDB text WORKING POC
FreeWebScriptz Honest Traffic 1.x - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2009-4868 EXPLOITDB text WORKING POC
Hitron Soft Answer Me 1.0 - Cross-Site Scripting via q_id Parameter
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
CVE-2009-4683 EXPLOITDB text WORKING POC
Good/Bad Vote <unknown> - Path Traversal
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.
CVE-2009-3858 EXPLOITDB text WORKING POC
GejoSoft - Cross-Site Scripting via PATH_INFO to photos/tags
Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.
CVE-2009-2778 EXPLOITDB text WORKING POC
GarageSales Script - Cross-Site Scripting via Key Parameter
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3599 EXPLOITDB text WRITEUP
HUBScript 1.0 - Cross-Site Scripting via bid_id Parameter
Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.
CVE-2009-3593 EXPLOITDB text WORKING POC
Freelancers 1.0 - Cross-Site Scripting via id or jobid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.
EIP-2026-107056 EXPLOITDB text WRITEUP
Fast Guest Book - Authentication Bypass