NBBN

11 exploits Active since Jan 2008
CVE-2008-0617 EXPLOITDB text WRITEUP
DMSGuestbook 1.7.0 - Cross-Site Scripting via File Parameter or Message Field
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.
CVE-2008-0615 EXPLOITDB text WRITEUP
DMSGuestbook 1.7.0-1.8.0 - Authenticated Path Traversal via Folder and File Parameters
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
CVE-2008-1060 EXPLOITDB text WORKING POC
Sniplets Plugin 1.1.2 and 1.2.2 - Remote Code Execution via Text Parameter
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
CVE-2008-1059 EXPLOITDB text WORKING POC
Sniplets Plugin 1.1.2 and 1.2.2 - Remote Code Execution via libpath Parameter
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
CVE-2008-1061 EXPLOITDB text WORKING POC
Sniplets Plugin 1.1.2 and 1.2.2 for WordPress - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
CVE-2008-0691 EXPLOITDB text WORKING POC
WP-Footnotes 2.2 - Cross-Site Scripting via Multiple Admin Panel Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.
CVE-2008-0616 EXPLOITDB text WRITEUP
DMSGuestbook 1.7.0 - Authenticated SQL Injection
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-0857 EXPLOITDB php WORKING POC
WoltLab Burning Board 3.0.3 PL 1 - SQL Injection via PMList sortOrder Parameter
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
CVE-2008-0574 EXPLOITDB text WRITEUP
webSPELL 4.01.02 - Cross-Site Scripting via Sort Parameter in Whoisonline Action
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
CVE-2008-7222 EXPLOITDB html WORKING POC
RunCMS 1.6.1 - Cross-Site Scripting via RankForumAdd rank_title Parameter
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.
CVE-2008-0439 EXPLOITDB text WRITEUP
DeluxeBB 1.1 - Cross-Site Scripting via lang_listofmatches Parameter
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.