Stefan Schurtz

58 exploits
Active since Jun 2008
EIP-2026-111863 EXPLOITDB text WORKING POC
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
EIP-2026-111864 EXPLOITDB text WRITEUP
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
EIP-2026-111879 EXPLOITDB text WRITEUP
SaltOS - 'download.php' Cross-Site Scripting
CVE-2011-5230 EXPLOITDB text WORKING POC
Seotoaster < 1.9 - SQL Injection via Login or Member Login Parameter
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
CVE-2011-4958 EXPLOITDB text WORKING POC
SilverStripe < 2.3.13 and 2.4.x < 2.4.6 - Cross-Site Scripting via QUERY_STRING to Template Placeholders
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
EIP-2026-111232 EXPLOITDB text WORKING POC
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110473 EXPLOITDB text WORKING POC
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110639 EXPLOITDB text WORKING POC
PHP Address Book 7.0.0 - Multiple Vulnerabilities
EIP-2026-110638 EXPLOITDB text WRITEUP
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-2903 EXPLOITDB text WORKING POC
PHP Address Book < 6.1.1 - Cross-Site Scripting via PATH_INFO or Language Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
CVE-2011-4561 EXPLOITDB text WORKING POC
Phorum 5.2.18 - Cross-Site Scripting via PATH_INFO to admin/index.php
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4713 EXPLOITDB text WORKING POC
osCSS2 <= 2.1.0 - Path Traversal via _ID Parameter
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
EIP-2026-110302 EXPLOITDB text WRITEUP
openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities
EIP-2026-109394 EXPLOITDB text WRITEUP
Meditate Web Content Editor 'username_input' - SQL Injection
EIP-2026-109439 EXPLOITDB text WRITEUP
MGB - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-108959 EXPLOITDB text WRITEUP
KaiBB 2.0.1 - SQL Injection
EIP-2026-107585 EXPLOITDB text WORKING POC
Hero Framework - users/login 'Username' Cross-Site Scripting
EIP-2026-107584 EXPLOITDB text WORKING POC
Hero Framework - 'search?q' Cross-Site Scripting
CVE-2011-4335 EXPLOITDB text WORKING POC
Contao < 2.10.2 - Cross-Site Scripting via PATH_INFO to index.php
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
CVE-2012-1224 EXPLOITDB text WORKING POC
ContentLion Alpha 1.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
EIP-2026-106014 EXPLOITDB text WORKING POC
CMSimple 3.3 - 'index.php' Cross-Site Scripting
EIP-2026-105495 EXPLOITDB text WORKING POC
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105580 EXPLOITDB text WORKING POC
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105525 EXPLOITDB text WORKING POC
Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-0900 EXPLOITDB text WRITEUP
Beehive Forum 1.0.1 - Cross-Site Scripting via PATH_INFO to forum/register.php or forum/logon.php
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.