hiphop

6 exploits Active since Feb 2013
CVE-2013-1463 EXPLOITDB text WORKING POC
WP-Table Reloaded < 1.9.4 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
CVE-2013-1464 EXPLOITDB text WORKING POC
Audio Player < 2.0.4.6 - Cross-Site Scripting via playerID Parameter
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
CVE-2013-2714 EXPLOITDB MEDIUM text WORKING POC
WordPress podPress Plugin <8.8.10.13 - XSS
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
CVSS 6.1
CVE-2013-1636 EXPLOITDB text WORKING POC
Caseproof Prettylinks < 1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
EIP-2026-110793 EXPLOITDB text WORKING POC
PHP-AddressBook 6.2.4 - 'group.php' SQL Injection
EIP-2026-109219 EXPLOITDB text WORKING POC
LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection