Stefan Schurtz

57 exploits, active since Jun 2008
EIP-2026-111863 EXPLOITDB text WORKING POC
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
EIP-2026-111864 EXPLOITDB text WRITEUP
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
EIP-2026-111879 EXPLOITDB text WRITEUP
SaltOS - 'download.php' Cross-Site Scripting
CVE-2011-5230 EXPLOITDB text WORKING POC
Seotoaster < 1.9 - SQL Injection
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
EIP-2026-111232 EXPLOITDB text WORKING POC
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110473 EXPLOITDB text WORKING POC
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110639 EXPLOITDB text WORKING POC
PHP Address Book 7.0.0 - Multiple Vulnerabilities
EIP-2026-110638 EXPLOITDB text WRITEUP
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-2903 EXPLOITDB text WORKING POC
PHP Address Book < 7.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
CVE-2011-4561 EXPLOITDB text WORKING POC
Phorum - XSS
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4713 EXPLOITDB text WORKING POC
osCSS < 2.10 - Path Traversal
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
EIP-2026-110302 EXPLOITDB text WRITEUP
openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities
EIP-2026-109394 EXPLOITDB text WRITEUP
Meditate Web Content Editor 'username_input' - SQL Injection
EIP-2026-109439 EXPLOITDB text WRITEUP
MGB - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-108959 EXPLOITDB text WRITEUP
KaiBB 2.0.1 - SQL Injection
EIP-2026-107585 EXPLOITDB text WORKING POC
Hero Framework - users/login 'Username' Cross-Site Scripting
EIP-2026-107584 EXPLOITDB text WORKING POC
Hero Framework - 'search?q' Cross-Site Scripting
CVE-2011-4335 EXPLOITDB text WORKING POC
Contao < 2.10.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
CVE-2012-1224 EXPLOITDB text WORKING POC
ContentLion Alpha - XSS
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
EIP-2026-106014 EXPLOITDB text WORKING POC
CMSimple 3.3 - 'index.php' Cross-Site Scripting
EIP-2026-105495 EXPLOITDB text WORKING POC
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105580 EXPLOITDB text WORKING POC
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105525 EXPLOITDB text WORKING POC
Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-0900 EXPLOITDB text WRITEUP
Beehive Forum 1.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.
CVE-2012-6528 EXPLOITDB text WORKING POC
ATutor < 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.