indoushka

307 exploits, active since Apr 2004
CVE-2010-1113 EXPLOITDB WORKING POC
Web Server Creator - Web Portal 0.1 - XSS
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
CVE-2004-1551 EXPLOITDB WORKING POC
PHP Arena Pafiledb - XSS
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
CVE-2004-1975 EXPLOITDB WORKING POC
PHP Arena Pafiledb - XSS
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
CVE-2020-37141 EXPLOITDB HIGH text WRITEUP
AMSS++ 4.31 - SQL Injection
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
CVSS 8.2
CVE-2020-37135 EXPLOITDB HIGH text WORKING POC
AMSS++ 4.7 - Auth Bypass
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
CVSS 7.5
CVE-2020-37108 EXPLOITDB HIGH text WRITEUP
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
CVSS 7.1
CVE-2010-1300 EXPLOITDB text WRITEUP
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
CVE-2010-0757 EXPLOITDB text WORKING POC
WikyBlog 1.7.3rc2 - RCE
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
CVE-2010-0756 EXPLOITDB text WORKING POC
WikyBlog 1.7.3 rc2 - Session Fixation
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
CVE-2010-0755 EXPLOITDB text WORKING POC
WikyBlog 1.7.3 rc2 - RCE
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
CVE-2010-0754 EXPLOITDB text WORKING POC
WikyBlog <1.7.3 rc2 - XSS
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
CVE-2010-0724 EXPLOITDB text WORKING POC
Arab Cart 1.0.2.0 - SQL Injection
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-119178 EXPLOITDB text WORKING POC
SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities
CVE-2008-5180 EXPLOITDB MEDIUM perl WORKING POC
Microsoft Communicator - DoS
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
CVSS 5.3
EIP-2026-114655 EXPLOITDB text WORKING POC
Zyke CMS 1.0 - Arbitrary File Upload
EIP-2026-114657 EXPLOITDB text SUSPICIOUS
Zyke CMS 1.1 - Bypass
EIP-2026-114485 EXPLOITDB text WORKING POC
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
CVE-2010-2335 EXPLOITDB text WRITEUP
Yamamah - SQL Injection
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
CVE-2009-4678 EXPLOITDB text WORKING POC
Winn Guestbook 2.4 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
EIP-2026-113450 EXPLOITDB text WORKING POC
WMNews - '/admin/wmnews.php' Cross-Site Scripting
CVE-2012-1913 EXPLOITDB text WORKING POC
(pending title)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
EIP-2026-113120 EXPLOITDB text WRITEUP
VisionGate 1.6 - 'login.php' Cross-Site Scripting
EIP-2026-113037 EXPLOITDB text WORKING POC
vCard PRO 3.1 - Cross-Site Scripting
EIP-2026-113115 EXPLOITDB text WRITEUP
VirtuaSystems VirtuaNews Pro 1.0.4 - 'admin.php' Cross-Site Scripting
EIP-2026-113344 EXPLOITDB text WORKING POC
Webring - Cross-Site Scripting