omnipresent

9 exploits Active since May 2006
CVE-2007-1432 EXPLOITDB WRITEUP
Grayscale Blog 0.8.0 - Privilege Escalation
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
CVE-2007-1433 EXPLOITDB WRITEUP
grayscale_blog < 0.8.0 - Cross-Site Scripting via Comment Fields
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
EIP-2026-115619 EXPLOITDB c WORKING POC
Mercur MailServer 5.0 SP3 - 'IMAP' Denial of Service
CVE-2006-2242 EXPLOITDB c WORKING POC
acFTP 1.4 - Denial of Service via Long USER Command String
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
CVE-2006-4122 EXPLOITDB text WORKING POC
Simple one-file guestbook <1.0 - Auth Bypass
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
CVE-2007-1434 EXPLOITDB text WRITEUP
grayscale_blog < 0.8.0 - SQL Injection via id or url Parameter
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
CVE-2006-3568 EXPLOITDB text WRITEUP
Fantastic Guestbook 2.0.1 - Cross-Site Scripting via First Name, Last Name, or Nickname Parameters
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.
CVE-2006-2771 EXPLOITDB text WRITEUP
Hogstorps hogstorp Guestbook 2.0 - Info Disclosure
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
CVE-2006-2499 EXPLOITDB text WORKING POC
CodeAvalanche News 1.2 - SQL Injection via Password Field
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.