Moudi

192 exploits Active since Jan 2009

CVE-2009-4544 EXPLOITDB text WORKING POC

Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

View Code

CVE-2009-4544 EXPLOITDB text WRITEUP

Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

View Code

CVE-2009-4684 EXPLOITDB text WORKING POC

EZodiak - Cross-Site Scripting via Sign Parameter

Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.

View Code

CVE-2009-2586 EXPLOITDB text WRITEUP

EDGEPHP EZArticles - Cross-Site Scripting via Title Parameter

Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.

View Code

CVE-2009-3598 EXPLOITDB text WORKING POC

ecardmax.com FormXP 2007 - Cross-Site Scripting via survey_result.php sid Parameter

Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

View Code

EIP-2026-106749 EXPLOITDB text WORKING POC

eCardMAX - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2009-2424 EXPLOITDB text WORKING POC

Ebay Clone 2009 - Cross-Site Scripting via Search Mode Parameter

Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

View Code

CVE-2009-3360 EXPLOITDB text WORKING POC

datemill 1.0 - Cross-Site Scripting via return and st Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

View Code

CVE-2009-3184 EXPLOITDB text WRITEUP

E-Gold Game Series Pirates of The Caribbean - SQL Injection via x and y Parameters

Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.

View Code

CVE-2009-2587 EXPLOITDB text WRITEUP

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-2587 EXPLOITDB text WORKING POC

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-2587 EXPLOITDB text WORKING POC

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-2587 EXPLOITDB text WORKING POC

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-2587 EXPLOITDB text WORKING POC

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-2587 EXPLOITDB text WORKING POC

DragDropCart - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

View Code

CVE-2009-3189 EXPLOITDB text WORKING POC

DigiOz Guestbook 1.7.2 - Cross-Site Scripting via Search Term Parameter

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.

View Code

CVE-2009-3355 EXPLOITDB text WORKING POC

Datetopia Buy Dating Site 1.0 - Cross-Site Scripting via profile.php s_r Parameter

Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.

View Code

CVE-2009-3360 EXPLOITDB text WORKING POC

datemill 1.0 - Cross-Site Scripting via return and st Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

View Code

CVE-2009-3360 EXPLOITDB text WORKING POC

datemill 1.0 - Cross-Site Scripting via return and st Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

View Code

CVE-2009-4691 EXPLOITDB text WORKING POC

Classified Linktrader Script - SQL Injection

SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.

View Code

CVE-2009-3509 EXPLOITDB text WORKING POC

CJ Dynamic Poll PRO 2.0 - Cross-Site Scripting via PATH_INFO

Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

View Code

CVE-2009-3057 EXPLOITDB text WORKING POC

AOM Software Beex 3 - Cross-Site Scripting via navaction Parameter

Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.

View Code

CVE-2009-3057 EXPLOITDB text WORKING POC

AOM Software Beex 3 - Cross-Site Scripting via navaction Parameter

Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.

View Code

CVE-2009-3225 EXPLOITDB text WORKING POC

Almond Classifieds - Cross-Site Scripting via Page or Address Parameter

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2009-3195 EXPLOITDB text WORKING POC

JCE-Tech Auction RSS Content Script 3.0 - Cross-Site Scripting via id Parameter

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.

View Code