indoushka

307 exploits Active since Apr 2004
CVE-2020-37217 EXPLOITDB MEDIUM text WORKING POC
Easy2Pilot 7 Cross-Site Request Forgery via admin.php
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
CVSS 4.3
CVE-2010-1113 EXPLOITDB WORKING POC
Web Server Creator - Web Portal 0.1 - XSS
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
CVE-2004-1551 EXPLOITDB WORKING POC
paFileDB 3.1 Final - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
CVE-2004-1975 EXPLOITDB WORKING POC
paFileDB 3.1 - Cross-Site Scripting via Category Module id Parameter
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
CVE-2020-37141 EXPLOITDB HIGH text WRITEUP
AMSS++ 4.31 - SQL Injection via Mail Module id Parameter
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
CVSS 8.2
CVE-2020-37135 EXPLOITDB HIGH text WORKING POC
AMSS++ 4.7 - Authentication Bypass via Hardcoded Credentials
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
CVSS 7.5
CVE-2020-37108 EXPLOITDB HIGH text WRITEUP
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
CVSS 7.1
CVE-2010-1300 EXPLOITDB text WRITEUP
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
CVE-2010-0757 EXPLOITDB text WORKING POC
WikyBlog 1.7.3rc2 - Authenticated Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
CVE-2010-0756 EXPLOITDB text WORKING POC
WikyBlog 1.7.3 rc2 - Session Fixation
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
CVE-2010-0755 EXPLOITDB text WORKING POC
WikyBlog 1.7.3 rc2 - Remote Code Execution via LangFile Parameter
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
CVE-2010-0754 EXPLOITDB text WORKING POC
WikyBlog 1.7.2 and 1.7.3 rc2 - Cross-Site Scripting via which Parameter
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
CVE-2010-0724 EXPLOITDB text WORKING POC
Arab Cart 1.0.2.0 - SQL Injection via showimg.php id Parameter
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-119178 EXPLOITDB text WORKING POC
SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-5180 EXPLOITDB MEDIUM perl WORKING POC
Microsoft Office Communicator - Denial of Service via SIP INVITE Request Flood
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
CVSS 5.3
EIP-2026-114655 EXPLOITDB text WORKING POC
Zyke CMS 1.0 - Arbitrary File Upload
EIP-2026-114657 EXPLOITDB text SUSPICIOUS
Zyke CMS 1.1 - Bypass
EIP-2026-114485 EXPLOITDB text WORKING POC
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
CVE-2010-2335 EXPLOITDB text WRITEUP
Yamamah Photo Gallery 1.00 - SQL Injection via News Parameter
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
EIP-2026-113450 EXPLOITDB text WORKING POC
WMNews - '/admin/wmnews.php' Cross-Site Scripting
CVE-2012-1913 EXPLOITDB text WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2009-4678 EXPLOITDB text WORKING POC
Winn Guestbook 2.4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2010-1114 EXPLOITDB text WORKING POC
Web Server Creator - Web Portal 0.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
EIP-2026-113115 EXPLOITDB text WRITEUP
VirtuaSystems VirtuaNews Pro 1.0.4 - 'admin.php' Cross-Site Scripting
EIP-2026-113120 EXPLOITDB text WRITEUP
VisionGate 1.6 - 'login.php' Cross-Site Scripting