Omer Singer

16 exploits, active since Oct 2007
EIP-2026-114459 EXPLOITDB text WORKING POC
XOOPS 2.2.5 - 'register.php' Cross-Site Scripting
CVE-2008-6097 EXPLOITDB text WORKING POC
WikyBlog <1.7.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.
CVE-2007-6696 EXPLOITDB text WORKING POC
WebCalendar 1.1.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
CVE-2007-6696 EXPLOITDB text WORKING POC
WebCalendar 1.1.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
EIP-2026-111365 EXPLOITDB text WORKING POC
Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting
CVE-2007-5386 EXPLOITDB text WORKING POC
phpMyAdmin - XSS
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2007-5589 EXPLOITDB text WORKING POC
phpMyAdmin < 2.11.1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
CVE-2007-6564 EXPLOITDB text WORKING POC
Limbo CMS 1.0.4.2 - XSS
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2008-6174 EXPLOITDB text WRITEUP
Jetbox CMS - XSS
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.
CVE-2008-4651 EXPLOITDB text WRITEUP
Jetbox CMS - SQL Injection
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
CVE-2008-4651 EXPLOITDB text WRITEUP
Jetbox CMS - SQL Injection
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
CVE-2008-0540 EXPLOITDB text WORKING POC
Trixbox - XSS
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
CVE-2008-0540 EXPLOITDB text WORKING POC
Trixbox - XSS
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
EIP-2026-106919 EXPLOITDB text WRITEUP
eTicket 1.5.5 - 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-4459 EXPLOITDB text WORKING POC
Extrovert Software Thyme - SQL Injection
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6637 EXPLOITDB text WORKING POC
Library Video Company SAFARI Montage < 3.1.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.