black-code

9 exploits Active since Jun 2006
EIP-2026-113036 EXPLOITDB text WRITEUP
vCard 2.9 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-3374 EXPLOITDB text WRITEUP
randshop < 1.2 - Remote File Inclusion via index.php incl Parameter
PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter.
CVE-2006-2728 EXPLOITDB text WRITEUP
Photoalbum B&W 1.3 - Cross-Site Scripting via Pic Parameter
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
CVE-2006-3980 EXPLOITDB text WORKING POC
Mambo Gallery Manager < 0.95r2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3763 EXPLOITDB text WORKING POC
Diesel Joke Site - SQL Injection via category.php id Parameter
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-106154 EXPLOITDB text WRITEUP
CoolPHP - 'index.php' Cross-Site Scripting
CVE-2006-7042 EXPLOITDB text WRITEUP
chipmunk_directory - Cross-Site Scripting via Start Parameter
Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.
EIP-2026-105830 EXPLOITDB text WRITEUP
Chipmunk 1.4 - 'Guestbook index.php' Cross-Site Scripting
EIP-2026-105215 EXPLOITDB text WRITEUP
AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities