Mr_KaLiMaN

22 exploits Active since Dec 2006
CVE-2006-6746 EXPLOITDB text WRITEUP
Xt-News 0.1 - Cross-Site Scripting via id_news Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
CVE-2006-6747 EXPLOITDB text WRITEUP
dreaxteam xt-news 0.1 - SQL Injection via id_news Parameter
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
CVE-2006-6746 EXPLOITDB text WRITEUP
Xt-News 0.1 - Cross-Site Scripting via id_news Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
CVE-2006-6518 EXPLOITDB text WRITEUP
ProNews 1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.
CVE-2006-6519 EXPLOITDB text WRITEUP
ProNews 1.5 - SQL Injection via lire-avis.php aa Parameter
SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
CVE-2006-6518 EXPLOITDB text WRITEUP
ProNews 1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.
CVE-2006-6520 EXPLOITDB text WRITEUP
Messageriescripthp 2.0 - Cross-Site Scripting via Pseudo, Email, PageName, or CSSForm Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php.
CVE-2006-6521 EXPLOITDB text WRITEUP
Messageriescripthp 2.0 - SQL Injection
SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
CVE-2006-6520 EXPLOITDB text WRITEUP
Messageriescripthp 2.0 - Cross-Site Scripting via Pseudo, Email, PageName, or CSSForm Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php.
CVE-2006-6520 EXPLOITDB text WRITEUP
Messageriescripthp 2.0 - Cross-Site Scripting via Pseudo, Email, PageName, or CSSForm Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php.
CVE-2006-6517 EXPLOITDB text WRITEUP
kdpics < 1.16 - Cross-Site Scripting via Categories Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3.
CVE-2006-6517 EXPLOITDB text WRITEUP
kdpics < 1.16 - Cross-Site Scripting via Categories Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3.
CVE-2006-6569 EXPLOITDB text WRITEUP
GenesisTrader 1.0 - Info Disclosure
form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter.
CVE-2006-6571 EXPLOITDB text WRITEUP
GenesisTrader 1.0 - Cross-Site Scripting via form.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters.
CVE-2006-6479 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - Cross-Site Scripting via Email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6479 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - Cross-Site Scripting via Email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6478 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
CVE-2006-6479 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - Cross-Site Scripting via Email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6479 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - Cross-Site Scripting via Email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6479 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - Cross-Site Scripting via Email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6478 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
CVE-2006-6478 EXPLOITDB text WRITEUP
AnnonceScriptHP 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.