benjamin mossé

5 exploits Active since Nov 2006
CVE-2006-5975 EXPLOITDB text WRITEUP
Drumster Blogme - XSS
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
CVE-2006-5863 EXPLOITDB text WORKING POC
LetterIt 2 - RCE
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2006-6084 EXPLOITDB text WORKING POC
Unverse.net Abitwhizzy - Path Traversal
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5962 EXPLOITDB text WORKING POC
Hpecs Shopping Cart - SQL Injection
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
CVE-2006-5976 EXPLOITDB text WRITEUP
Drumster Blogme - SQL Injection
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.