netVigilance

6 exploits, active since May 2007
CVE-2007-5127 EXPLOITDB text WORKING POC
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
CVE-2007-5127 EXPLOITDB text WORKING POC
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
CVE-2007-4863 EXPLOITDB text WORKING POC
SAXON 5.4 - SQL Injection via Template Parameter
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.
CVE-2007-4862 EXPLOITDB text WRITEUP
SAXON 5.4 - Cross-Site Scripting via config[news_url] Parameter
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.
CVE-2007-2520 EXPLOITDB text WORKING POC
MyNews 0.10 - SQL Injection via authacc Cookie
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
CVE-2007-0609 EXPLOITDB text WRITEUP
Advanced Guestbook 2.4.2 - Directory Traversal via Lang Cookie
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.