night_warrior771

14 exploits Active since Jan 2006
CVE-2006-0198 EXPLOITDB text WORKING POC
XOOPS Pool Module - Stored Cross-Site Scripting via IMG SRC Attribute in Comment
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
CVE-2006-0480 EXPLOITDB text WRITEUP
spaiz-nuke_cms - Cross-Site Scripting via Articles Module Query Parameter
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
CVE-2006-0358 EXPLOITDB text WRITEUP
PowerPortal - SQL Injection via Search Parameter
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2006-0358 EXPLOITDB text WRITEUP
PowerPortal - SQL Injection via Search Parameter
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2006-0185 EXPLOITDB text WORKING POC
Php-Nuke Pool and News Modules - Cross-Site Scripting via IMG Tag SRC Attribute
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
EIP-2026-106440 EXPLOITDB text WRITEUP
DieselScripts Job Site - 'Forgot.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106382 EXPLOITDB text WRITEUP
DCP Portal 5.3/6.0/6.1 - Multiple Input Validation Vulnerabilities
CVE-2006-4362 EXPLOITDB text WRITEUP
Diesel Paid Mail - Cross-Site Scripting via getad.php ps Parameter
Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
CVE-2006-4358 EXPLOITDB text WRITEUP
Diesel Pay - Cross-Site Scripting via Read Parameter
Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.
CVE-2006-4357 EXPLOITDB text WRITEUP
Diesel Smart Traffic - Remote File Inclusion via clients/index.php src Parameter
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
CVE-2006-4443 EXPLOITDB text WORKING POC
AlstraSoft Video Share Enterprise - RCE
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
CVE-2006-0222 EXPLOITDB text WRITEUP
AlstraSoft Template Seller Pro - Cross-Site Scripting via fullview.php tempid Parameter
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
CVE-2006-4591 EXPLOITDB text WORKING POC
AlstraSoft Template Seller <3.25 - RCE
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
CVE-2006-0624 EXPLOITDB text WORKING POC
Whomp Real Estate Manager XP 2005 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.