Stefan Schurtz

58 exploits Active since Jun 2008
CVE-2012-4748 EXPLOITDB text WORKING POC
Admidio 2.3.5 - Multiple Vulnerabilities
CVE-2012-2331 EXPLOITDB WRITEUP
Serendipity < 1.6.1 - Cross-Site Scripting via serendipity[textarea] Parameter
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2008-2565 EXPLOITDB WORKING POC
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
CVE-2008-2566 EXPLOITDB WORKING POC
php-address_book < 3.1.5 - Cross-Site Scripting via Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
CVE-2012-2599 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3835. Reason: This issue was MERGED into CVE-2012-3835 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2012-3835 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2012-1912 EXPLOITDB text WORKING POC
PHP Address Book < 7.0 - Cross-Site Scripting via Preferences from Parameter
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
CVE-2012-1911 EXPLOITDB text WORKING POC
PHP Address Book < 6.2.11 - SQL Injection via to_group or id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
CVE-2012-3834 EXPLOITDB text WORKING POC
AlienVault Open Source Security Information Management 3.1 - Authenticated SQL Injection via time[0][0] Parameter
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
CVE-2011-4717 EXPLOITDB perl WORKING POC
zFTPServer Suite 6.0.0.52 - Authenticated Path Traversal via RMD Command
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.
CVE-2012-5905 EXPLOITDB perl WORKING POC
KnFTPd 1.0.0 - Authenticated Denial of Service via FEAT Command Buffer Overflow
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
EIP-2026-114529 EXPLOITDB text WRITEUP
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
CVE-2012-6520 EXPLOITDB text WRITEUP
Wikidforum 2.10 - SQL Injection via Advanced Search Parameters
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
CVE-2012-2099 EXPLOITDB text WRITEUP
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
CVE-2012-5913 EXPLOITDB text WORKING POC
WordPress Integrator 1.32 - Cross-Site Scripting via redirect_to Parameter
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
CVE-2012-2099 EXPLOITDB text WRITEUP
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
EIP-2026-113743 EXPLOITDB text WRITEUP
WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting
CVE-2012-5102 EXPLOITDB text WORKING POC
VertrigoServ 2.25 - Cross-Site Scripting via ext Parameter
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
EIP-2026-113356 EXPLOITDB text WORKING POC
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
CVE-2011-4551 EXPLOITDB text WORKING POC
TikiWiki CMS/Groupware < 8.1 - Cross-Site Scripting via tiki-cookie-jar.php Parameters
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
EIP-2026-112181 EXPLOITDB text WORKING POC
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
CVE-2012-5105 EXPLOITDB text WORKING POC
SQLiteManager 1.2.4 - Cross-Site Scripting via dbsel or nsextt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
CVE-2012-5105 EXPLOITDB text WORKING POC
SQLiteManager 1.2.4 - Cross-Site Scripting via dbsel or nsextt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
CVE-2012-2332 EXPLOITDB text WRITEUP
Serendipity < 1.6.1 - SQL Injection via serendipity[plugin_to_conf] Parameter
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
EIP-2026-111863 EXPLOITDB text WORKING POC
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
CVE-2011-4958 EXPLOITDB text WORKING POC
SilverStripe < 2.3.13 and 2.4.x < 2.4.6 - Cross-Site Scripting via QUERY_STRING to Template Placeholders
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.