Omer Singer

16 exploits | Active since Oct 2007
EIP-2026-114459 EXPLOITDB text WORKING POC
XOOPS 2.2.5 - 'register.php' Cross-Site Scripting
CVE-2008-6097 EXPLOITDB text WORKING POC
WikyBlog < 1.7.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.
CVE-2007-6696 EXPLOITDB text WORKING POC
WebCalendar 1.1.6 - Cross-Site Scripting via Event Description, pref.php Query String, and search.php adv Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
CVE-2007-6696 EXPLOITDB text WORKING POC
WebCalendar 1.1.6 - Cross-Site Scripting via Event Description, pref.php Query String, and search.php adv Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
EIP-2026-111365 EXPLOITDB text WORKING POC
Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting
CVE-2007-5386 EXPLOITDB text WORKING POC
phpMyAdmin 2.11.1 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2007-5589 EXPLOITDB text WORKING POC
phpMyAdmin < 2.11.1.2 - Cross-Site Scripting via PHP_SELF and PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
CVE-2007-6564 EXPLOITDB text WORKING POC
Limbo CMS 1.0.4.2 - Cross-Site Scripting via com_option Parameter
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2008-6174 EXPLOITDB text WRITEUP
Jetbox CMS 2.1 - Cross-Site Scripting via liste Parameter
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.
CVE-2008-4651 EXPLOITDB text WRITEUP
Jetbox CMS 2.1 - Authenticated SQL Injection via orderby Parameter or nav_id Parameter
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
CVE-2008-4651 EXPLOITDB text WRITEUP
Jetbox CMS 2.1 - Authenticated SQL Injection via orderby Parameter or nav_id Parameter
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
CVE-2008-0540 EXPLOITDB text WORKING POC
trixbox 2.4.2.0 - Cross-Site Scripting via User or Maintenance Index Query String
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
CVE-2008-0540 EXPLOITDB text WORKING POC
trixbox 2.4.2.0 - Cross-Site Scripting via User or Maintenance Index Query String
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
EIP-2026-106919 EXPLOITDB text WRITEUP
eTicket 1.5.5 - 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-4459 EXPLOITDB text WORKING POC
eXtrovert Thyme 1.3 - SQL Injection via uname_search Parameter
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6637 EXPLOITDB text WORKING POC
SAFARI Montage < 3.1.3 - Cross-Site Scripting via School and Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.