Sajjad Pourali

8 exploits Active since Jan 2012
CVE-2012-0722 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0722. Reason: This candidate is a duplicate of CVE-2013-0722. A year-transition issue caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-0722 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2020-37103 EXPLOITDB MEDIUM text WORKING POC
DotNetNuke 9.5 - XSS
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.
CVSS 6.4
CVE-2013-0722 EXPLOITDB text WORKING POC
Ettercap <=0.7.5.1 - Buffer Overflow
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
CVE-2013-5117 EXPLOITDB text WORKING POC
DotNetNuke <10.1 - SQL Injection
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
EIP-2026-100647 EXPLOITDB text WORKING POC
DotNetNuke 9.5 - File Upload Restrictions Bypass
CVE-2012-0389 EXPLOITDB text WORKING POC
MailEnable <6.03 - XSS
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
CVE-2012-0389 EXPLOITDB text WRITEUP
MailEnable <6.03 - XSS
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
EIP-2026-100279 EXPLOITDB text WORKING POC
DotNetNuke 6.1.x - Cross-Site Scripting