night_warrior771

14 exploits Active since Jan 2006
CVE-2006-0198 EXPLOITDB text WORKING POC
Xoops Pool Module - XSS
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
CVE-2006-0480 EXPLOITDB text WRITEUP
Spaiz-nuke Cms - XSS
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
CVE-2006-0358 EXPLOITDB text WRITEUP
Powerportal - SQL Injection
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2006-0358 EXPLOITDB text WRITEUP
Powerportal - SQL Injection
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2006-0185 EXPLOITDB text WORKING POC
Php-nuke News Module - XSS
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
EIP-2026-106440 EXPLOITDB text WRITEUP
DieselScripts Job Site - 'Forgot.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106382 EXPLOITDB text WRITEUP
DCP Portal 5.3/6.0/6.1 - Multiple Input Validation Vulnerabilities
CVE-2006-4362 EXPLOITDB text WRITEUP
Dieselscripts Diesel Paid Mail - XSS
Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
CVE-2006-4358 EXPLOITDB text WRITEUP
Dieselscripts Diesel Pay - XSS
Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.
CVE-2006-4357 EXPLOITDB text WRITEUP
PHP <clients/index.php - RCE
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
CVE-2006-4443 EXPLOITDB text WORKING POC
AlstraSoft Video Share Enterprise - RCE
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
CVE-2006-0222 EXPLOITDB text WRITEUP
Alstrasoft Template Seller - XSS
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
CVE-2006-4591 EXPLOITDB text WORKING POC
AlstraSoft Template Seller <3.25 - RCE
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
CVE-2006-0624 EXPLOITDB text WORKING POC
Webeveyn Whomp Real Estate Manager XP 2005 - SQL Injection
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.