Stink'

5 exploits Active since Aug 2008
CVE-2009-4433 EXPLOITDB text WRITEUP
IDevSpot iSupport <1.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
EIP-2026-112913 EXPLOITDB text WORKING POC
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (1)
EIP-2026-112914 EXPLOITDB text WORKING POC
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (2)
CVE-2008-3679 EXPLOITDB text WRITEUP
IDevSpot PhpLinkExchange 1.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4434 EXPLOITDB text WRITEUP
IDevSpot iSupport <1.8 - Path Traversal
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.