X1ngBox

6 exploits Active since Sep 2005
CVE-2005-4415 EXPLOITDB text WRITEUP
TML CMS 0.5 - Cross-Site Scripting via Form Parameter
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
CVE-2005-4416 EXPLOITDB text WRITEUP
TML CMS 0.5 - SQL Injection via Index.php ID Parameter
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4262 EXPLOITDB text WRITEUP
Envolution - Cross-Site Scripting via News Module Parameters
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
CVE-2005-4263 EXPLOITDB text WRITEUP
Envolution - SQL Injection via News Module startrow or catid Parameter
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
CVE-2005-3127 EXPLOITDB text WORKING POC
lucidcms 1.0.11 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2005-3083 EXPLOITDB text WORKING POC
CMS Made Simple 0.10 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.