benjamin mossé

5 exploits Active since Nov 2006
CVE-2006-5975 EXPLOITDB text WRITEUP
BlogMe 3.0 - Stored Cross-Site Scripting via Name URL or Comments Field
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
CVE-2006-5863 EXPLOITDB text WORKING POC
otterware letterit2 - Remote File Inclusion via lang Parameter
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2006-6084 EXPLOITDB text WORKING POC
aBitWhizzy - Directory Traversal via f Parameter
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5962 EXPLOITDB text WORKING POC
Hpecs Shopping Cart - SQL Injection via Username, Password, or Search Parameter
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
CVE-2006-5976 EXPLOITDB text WRITEUP
BlogMe 3.0 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.