dr_insane

57 exploits Active since Dec 2004
EIP-2026-112410 EXPLOITDB text WRITEUP
SquirrelMail 1.2.11 - Multiple Vulnerabilities
EIP-2026-112411 EXPLOITDB text WRITEUP
SquirrelMail 1.2.11 Administrator Plugin - 'options.php' Arbitrary Admin Account Creation
EIP-2026-112409 EXPLOITDB text WRITEUP
SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving
EIP-2026-104298 EXPLOITDB text WRITEUP
Keene Digital Media Server 1.0.2 - Cross-Site Scripting
CVE-2004-2494 EXPLOITDB text WRITEUP
Ability Mail Server 1.18 - Cross-Site Scripting via erromsg Parameter
Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.
EIP-2026-103905 EXPLOITDB text WRITEUP
futurewave webx server 1.1 - Directory Traversal
EIP-2026-103639 EXPLOITDB text WRITEUP
PSCS VPOP3 2.0 - Email Server Remote Denial of Service
CVE-2004-2519 EXPLOITDB text WRITEUP
Gattaca Server 2003 1.1.10.0 - Denial of Service via LANGUAGE Parameter Directory Specifiers
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".
CVE-2004-2520 EXPLOITDB text WORKING POC
Gattaca Server 2003 1.1.10.0 - Authenticated Denial of Service via Large Numeric Value in POP3 Commands
POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.
EIP-2026-102493 EXPLOITDB text WRITEUP
Macromedia JRun 4.0 build 61650 - Administrative Interface Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-4206 EXPLOITDB MEDIUM text WRITEUP
Blackboard Academic Suite < 6.0.0.0 - URL Redirection via frameset.jsp url Parameter
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
CVSS 6.1
EIP-2026-100802 EXPLOITDB text WRITEUP
FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure
EIP-2026-100801 EXPLOITDB text WRITEUP
FloosieTek FTGate Mail Server 1.2 - 'index.fts?folder' Cross-Site Scripting
CVE-2004-2385 EXPLOITDB text WRITEUP
EMU Webmail 5.2.7 - Info Disclosure
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
CVE-2004-2334 EXPLOITDB text WORKING POC
EMU Webmail 5.2.7 - Cross-Site Scripting via Hex-Encoded Variable or Folder Parameter
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2447 EXPLOITDB text WRITEUP
1st Class Mail Server 4.01 - Cross-Site Scripting via Mailbox Parameter
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2528 EXPLOITDB text WRITEUP
webcam_watchdog 4.0.1a - Cross-Site Scripting via cam Parameter
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
CVE-2004-2253 EXPLOITDB text WORKING POC
SurgeLDAP <= 1.0g - Directory Traversal via User.cgi Page Parameter
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
EIP-2026-100724 EXPLOITDB text WRITEUP
myServer 0.6.2 - 'math_sum.mscgi' Multiple Remote Overflows
EIP-2026-100723 EXPLOITDB text WRITEUP
MyServer 0.6.2 - 'math_sum.mscgi' Multiple Cross-Site Scripting Vulnerabilities