Stefan Schurtz

57 exploits, active since Jun 2008
CVE-2012-2331 EXPLOITDB WRITEUP
Serendipity <1.6.1 - XSS
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2008-2565 EXPLOITDB WORKING POC
Php-address Book < 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
CVE-2008-2566 EXPLOITDB WORKING POC
Php-address Book < 3.1.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
CVE-2012-2599 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3835. Reason: This issue was MERGED into CVE-2012-3835 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2012-3835 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-1912 EXPLOITDB text WORKING POC
Chatelao Php Address Book < 7.0 - XSS
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
CVE-2012-1911 EXPLOITDB text WORKING POC
Chatelao Php Address Book < 6.2.11 - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
CVE-2012-3834 EXPLOITDB text WORKING POC
Alienvault Open Source Security Information Management - SQL Injection
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
CVE-2011-4717 EXPLOITDB perl WORKING POC
Zftpserver Suite - Path Traversal
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.
CVE-2012-5905 EXPLOITDB perl WORKING POC
Elif Keir Knftpd - Memory Corruption
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
EIP-2026-114529 EXPLOITDB text WRITEUP
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
CVE-2012-6520 EXPLOITDB text WRITEUP
Wikidforum - SQL Injection
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
CVE-2012-2099 EXPLOITDB text WRITEUP
Wikidforum - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
CVE-2012-5913 EXPLOITDB text WORKING POC
Wordpress Integrator - XSS
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
EIP-2026-113743 EXPLOITDB text WRITEUP
WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting
CVE-2012-5102 EXPLOITDB text WORKING POC
VertrigoServ 2.25 - XSS
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
EIP-2026-113356 EXPLOITDB text WORKING POC
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
CVE-2011-4551 EXPLOITDB text WORKING POC
Tikiwiki Cms/groupware < 8.1 - XSS
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
EIP-2026-112181 EXPLOITDB text WORKING POC
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
CVE-2012-5105 EXPLOITDB text WORKING POC
SQLiteManager 1.2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
CVE-2012-2332 EXPLOITDB text WRITEUP
Serendipity <1.6.1 - SQL Injection
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
EIP-2026-111863 EXPLOITDB text WORKING POC
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
CVE-2011-4958 EXPLOITDB text WORKING POC
Silverstripe < 2.3.12 - XSS
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
EIP-2026-111864 EXPLOITDB text WRITEUP
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting