imei

16 exploits Active since Jan 2006
CVE-2006-0733 EXPLOITDB text WRITEUP
WordPress 2.0.0 - Stored Cross-Site Scripting via Author Website Field
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability
CVE-2006-1040 EXPLOITDB text WORKING POC
vBulletin 3.0.12 and 3.5.3 - Cross-Site Scripting via Email Field
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
CVE-2006-4273 EXPLOITDB text WORKING POC
vBulletin 3.5.4 and 3.6.0 - Cross-Site Scripting via PDF Attachment
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
CVE-2007-4419 EXPLOITDB text WORKING POC
Olate Download (od) 3.4.1 - Info Disclosure
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
EIP-2026-109683 EXPLOITDB text WORKING POC
MyBB 1.0.3 - 'Managegroup.php' Cross-Site Scripting
EIP-2026-109685 EXPLOITDB text WORKING POC
MyBB 1.0.3 - 'private.php' Multiple SQL Injections
CVE-2006-1912 EXPLOITDB text WRITEUP
Mybulletinboard - SQL Injection
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
EIP-2026-109749 EXPLOITDB text WORKING POC
MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection
EIP-2026-109684 EXPLOITDB text WRITEUP
MyBB 1.0.3 - 'moderation.php' SQL Injection
EIP-2026-109681 EXPLOITDB text WORKING POC
MyBB 1.0 - 'Globa.php' Cookie Data SQL Injection
CVE-2006-0470 EXPLOITDB text WORKING POC
MyBulletinBoard 1.02 - Cross-Site Scripting via search.php sortby and sortordr Parameters
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
EIP-2026-109682 EXPLOITDB text WORKING POC
MyBB 1.0.2/1.0.3 - 'Managegroup.php' SQL Injection
EIP-2026-108976 EXPLOITDB text WRITEUP
Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting
CVE-2006-0885 EXPLOITDB text WORKING POC
CuteNews 1.4.1 - Cross-Site Scripting via show parameter
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2006-1909 EXPLOITDB text WORKING POC
Coppermine Photo Gallery 1.4.4 - Directory Traversal via Modified Dot Dot Slash in File Parameter
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
CVE-2006-0372 EXPLOITDB text WORKING POC
Insane Visions BlogPHP - SQL Injection via Cookie Parameters
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.