dr_insane

EIP-2026-112410 EXPLOITDB text WRITEUP

SquirrelMail 1.2.11 - Multiple Vulnerabilities

View Code

EIP-2026-112411 EXPLOITDB text WRITEUP

SquirrelMail 1.2.11 Administrator Plugin - 'options.php' Arbitrary Admin Account Creation

View Code

EIP-2026-112409 EXPLOITDB text WRITEUP

SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving

View Code

EIP-2026-104298 EXPLOITDB text WRITEUP

Keene Digital Media Server 1.0.2 - Cross-Site Scripting

View Code

CVE-2004-2494 EXPLOITDB text WRITEUP

Ability Mail Server 1.18 - XSS

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.

View Code

EIP-2026-103905 EXPLOITDB text WRITEUP

futurewave webx server 1.1 - Directory Traversal

View Code

EIP-2026-103639 EXPLOITDB text WRITEUP

PSCS VPOP3 2.0 - Email Server Remote Denial of Service

View Code

CVE-2004-2519 EXPLOITDB text WRITEUP

Gattaca Server 2003 1.1.10.0 - DoS

Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".

View Code

CVE-2004-2520 EXPLOITDB text WORKING POC

Gattaca Server 2003 1.1.10.0 - DoS

POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.

View Code

EIP-2026-102493 EXPLOITDB text WRITEUP

Macromedia JRun 4.0 build 61650 - Administrative Interface Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2005-4206 EXPLOITDB MEDIUM text WRITEUP

Blackboard Academic Suite < 6.0.0.0 - Open Redirect

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

CVSS 6.1

View Code

EIP-2026-100802 EXPLOITDB text WRITEUP

FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure

View Code

EIP-2026-100801 EXPLOITDB text WRITEUP

FloosieTek FTGate Mail Server 1.2 - 'index.fts?folder' Cross-Site Scripting

View Code

CVE-2004-2385 EXPLOITDB text WRITEUP

EMU Webmail 5.2.7 - Info Disclosure

EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.

View Code

CVE-2004-2334 EXPLOITDB text WORKING POC

EMU Webmail 5.2.7 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2447 EXPLOITDB text WRITEUP

1st Class Mail Server 4.01 - XSS

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

View Code

CVE-2004-2528 EXPLOITDB text WRITEUP

Webcam Watchdog 4.0.1a - XSS

Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.

View Code

CVE-2004-2253 EXPLOITDB text WORKING POC

SurgeLDAP <1.0g - Path Traversal

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.

View Code

EIP-2026-100724 EXPLOITDB text WRITEUP

myServer 0.6.2 - 'math_sum.mscgi' Multiple Remote Overflows

View Code

EIP-2026-100723 EXPLOITDB text WRITEUP

MyServer 0.6.2 - 'math_sum.mscgi' Multiple Cross-Site Scripting Vulnerabilities

View Code