bi0

23 exploits Active since Mar 2009
EIP-2026-114584 EXPLOITDB text WRITEUP
ZeeCareers 2.x - PHP HR Manager Website (Cross-Site Scripting / Authentication Bypass)
CVE-2009-4601 EXPLOITDB text WORKING POC
ZeeJobsite 3x - Cross-Site Scripting via Basic Search Result Title Parameter
Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
EIP-2026-114583 EXPLOITDB text WRITEUP
Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass
CVE-2008-6498 EXPLOITDB text WRITEUP
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
EIP-2026-112634 EXPLOITDB text WORKING POC
The Next Generation of Genealogy Sitebuilding - 'searchform.php' Cross-Site Scripting
EIP-2026-112610 EXPLOITDB text WORKING POC
Text Exchange Pro - Cross-Site Request Forgery (Add Admin)
EIP-2026-111705 EXPLOITDB text WRITEUP
Real Estate Manager 1.0.1 - 'index.php' Cross-Site Scripting
EIP-2026-111475 EXPLOITDB text WORKING POC
Pre Job Board 1.0 - Authentication Bypass
CVE-2009-4382 EXPLOITDB text WRITEUP
phpfaber Content Management System - Cross-Site Scripting via mod Parameter
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
EIP-2026-110743 EXPLOITDB text WORKING POC
PHP Product Catalog - Cross-Site Request Forgery (Change Administrator Password)
EIP-2026-109536 EXPLOITDB text WORKING POC
Model Agency Manager - 'search_process.php' Cross-Site Scripting
CVE-2009-4381 EXPLOITDB text WRITEUP
texmedia Million Pixel Script 3 - Cross-Site Scripting via pa Parameter
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4349 EXPLOITDB text WORKING POC
Link Up Gold 5.0 - Cross-Site Request Forgery in Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
EIP-2026-109343 EXPLOITDB text WORKING POC
Matrimony Script - Cross-Site Request Forgery
EIP-2026-108118 EXPLOITDB text WORKING POC
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
EIP-2026-107786 EXPLOITDB text WORKING POC
Illogator Shop - SQL Injection Bypass
EIP-2026-106689 EXPLOITDB text WORKING POC
Easy Banner Pro - Cross-Site Request Forgery (Add Admin)
EIP-2026-105616 EXPLOITDB text WORKING POC
BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)
EIP-2026-104903 EXPLOITDB text WRITEUP
Acc Auto Dealer Script 5.0 - Persistent Cross-Site Scripting / SQL Backup
CVE-2009-4828 EXPLOITDB text WORKING POC
Ad Manager Pro 3.0 - Cross-Site Request Forgery in Admin User Creation
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
CVE-2009-4906 EXPLOITDB text WORKING POC
Acc PHP eMail 1.1 - Cross-Site Request Forgery in Password Change
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
EIP-2026-100496 EXPLOITDB text WRITEUP
Pre Jobo.NET - Multiple SQL Injections
EIP-2026-100495 EXPLOITDB text WRITEUP
Pre Jobo .NET - Authentication Bypass