blake

CVE-2009-3911 EXPLOITDB text WORKING POC

TFTgallery 0.13 - Cross-Site Scripting via Sample Parameter

Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.

View Code

CVE-2009-3833 EXPLOITDB text WRITEUP

TFTgallery 0.13 - Cross-Site Scripting via Album Parameter

Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

View Code

CVE-2009-3912 EXPLOITDB text WORKING POC

TFTgallery 0.13 - Path Traversal via Album Parameter

Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.

View Code

CVE-2010-0970 EXPLOITDB text WORKING POC

PhpMyLogon 2 - SQL Injection via Username Parameter

SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

View Code

EIP-2026-110697 EXPLOITDB text WORKING POC

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

View Code

EIP-2026-110287 EXPLOITDB text WRITEUP

OpenEMR 3.2.0 - SQL Injection / Cross-Site Scripting

View Code

CVE-2012-6560 EXPLOITDB text WORKING POC

FreeNAC 3.02 - SQL Injection via Device Add Status Parameter

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.

View Code

EIP-2026-107264 EXPLOITDB text WORKING POC

Front Door 0.4b - SQL Injection

View Code

CVE-2010-4858 EXPLOITDB text WORKING POC

DNET Live-Stats <0.8 - Path Traversal

Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.

View Code