intern0t

17 exploits, active since Jun 2009
CVE-2009-2133 EXPLOITDB text WRITEUP
Pivot 1.40.4-1.40.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
CVE-2009-2138 EXPLOITDB text WRITEUP
TBDev.NET 01-01-08 - Open Redirect
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
EIP-2026-114286 EXPLOITDB text WORKING POC
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
CVE-2009-2107 EXPLOITDB text WORKING POC
Webmedia Explorer 5.09-5.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action.
CVE-2009-2141 EXPLOITDB text WRITEUP
TBDev.NET 01-01-08 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
CVE-2009-2145 EXPLOITDB text WRITEUP
transLucid 1.75 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
CVE-2009-2163 EXPLOITDB text WRITEUP
Sitecore CMS <6.0.2 - XSS
Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.
CVE-2009-2134 EXPLOITDB text WRITEUP
Pivot <1.40.7 - Info Disclosure
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
CVE-2009-4450 EXPLOITDB text WORKING POC
LiveZilla 3.1.8.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.
CVE-2009-4939 EXPLOITDB text WRITEUP
Impactsoftcompany Adpeeps - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
EIP-2026-107134 EXPLOITDB text WORKING POC
Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105159 EXPLOITDB text WRITEUP
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
EIP-2026-100064 EXPLOITDB text WORKING POC
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
EIP-2026-100061 EXPLOITDB text WORKING POC
Australian Education App - Remote Code Execution
EIP-2026-100063 EXPLOITDB text WORKING POC
BestSafe Browser - Man In The Middle Remote Code Execution
EIP-2026-100072 EXPLOITDB text WORKING POC
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
EIP-2026-100070 EXPLOITDB text WORKING POC
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution