l2odon

4 exploits Active since Jul 2006
CVE-2006-3909 EXPLOITDB text WORKING POC
WWWthreads - Cross-Site Scripting via Calendar Week Parameter
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
CVE-2006-3940 EXPLOITDB text WRITEUP
phpbb-auction - SQL Injection via ar Parameter in auction_room.php and u Parameter in auction_store.php
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
CVE-2006-3940 EXPLOITDB text WRITEUP
phpbb-auction - SQL Injection via ar Parameter in auction_room.php and u Parameter in auction_store.php
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
CVE-2006-3948 EXPLOITDB text WORKING POC
PHP-Nuke INP - Cross-Site Scripting via Query Parameter
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.