You_You - Security Researcher - Exploit Intelligence Platform

CVE-2006-5146 EXPLOITDB text WORKING POC

Yblog - Stored Cross-Site Scripting via id Parameter in funk.php

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

View Code

CVE-2006-5146 EXPLOITDB text WRITEUP

Yblog - Stored Cross-Site Scripting via id Parameter in funk.php

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

View Code

CVE-2006-5146 EXPLOITDB text WORKING POC

Yblog - Stored Cross-Site Scripting via id Parameter in funk.php

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

View Code

CVE-2006-4349 EXPLOITDB text WRITEUP

ToendaCMS 1.0.3 - Remote File Inclusion via tcms_administer_site Parameter

PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php

View Code

EIP-2026-111643 EXPLOITDB text WRITEUP

Quickblogger 1.4 - Remote File Inclusion

View Code

EIP-2026-110588 EXPLOITDB text WRITEUP

PHMe 0.0.2 - 'Function_List.php' Local File Inclusion

View Code

CVE-2006-5066 EXPLOITDB text WRITEUP

DanPHPSupport < 1.0 - Cross-Site Scripting via Page or Do Parameter

Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.

View Code

CVE-2006-5066 EXPLOITDB text WRITEUP

DanPHPSupport < 1.0 - Cross-Site Scripting via Page or Do Parameter

Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.

View Code