r0t3d3Vil

117 exploits Active since Nov 2005
CVE-2005-4239 EXPLOITDB text WORKING POC
PHP JackKnife < 2.21 - Cross-Site Scripting via sKeywords Parameter
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
CVE-2005-4233 EXPLOITDB text WRITEUP
Ad Manager Pro < 2.0 - SQL Injection via advertiser_statistic.php ad_number Parameter
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter.
CVE-2005-4598 EXPLOITDB text WRITEUP
OoApp Guestbook 2.1 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-3815 EXPLOITDB text WRITEUP
Orca Forum < 4.3b - SQL Injection via msg Parameter
SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
CVE-2005-3918 EXPLOITDB text WRITEUP
OvBB 0.08a - SQL Injection via Thread ID or User ID Parameter
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.
CVE-2005-3918 EXPLOITDB text WRITEUP
OvBB 0.08a - SQL Injection via Thread ID or User ID Parameter
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.
EIP-2026-109421 EXPLOITDB text WRITEUP
Mercury CMS 4.0 - Multiple Input Validation Vulnerabilities
CVE-2005-4430 EXPLOITDB text WRITEUP
LogicBill <= 1.0 - SQL Injection via helpdesk.php __mode and __id Parameters
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.
CVE-2005-4361 EXPLOITDB text WRITEUP
Magnolia Content Management Suite 2.1 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-4780 EXPLOITDB LOW text WRITEUP
Fidra Lighthouse CMS <= 1.1.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED
CVSS 3.7
CVE-2005-4637 EXPLOITDB text WRITEUP
Kayako SupportSuite <= 3.00.26 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.
CVE-2005-4363 EXPLOITDB text WRITEUP
Komodo CMS 2.1 - Cross-Site Scripting via Search Parameters
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4399 EXPLOITDB text WRITEUP
Libertas Enterprise CMS < 3.0 - Cross-Site Scripting via Page Search Parameter
Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.
CVE-2005-4400 EXPLOITDB text WRITEUP
Liferay Portal Enterprise <3.6.1 - XSS
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.
CVE-2005-4331 EXPLOITDB text WRITEUP
iHTML Merchant Version 2 Pro - SQL Injection
SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.
CVE-2005-4330 EXPLOITDB text WRITEUP
iHTML Merchant Mall - SQL Injection
SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.
EIP-2026-108051 EXPLOITDB text WRITEUP
Jax Calendar 1.34 - 'jax_calendar.php' SQL Injection
CVE-2005-3838 EXPLOITDB text WRITEUP
IsolSoft Support Center <= 2.2 - SQL Injection via search.php Parameters
Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter.
CVE-2005-4232 EXPLOITDB text WRITEUP
jamit_job_board < 2.4.1 - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection
CVE-2005-4043 EXPLOITDB text WRITEUP
Hobosworld HobSR < 1.0 - SQL Injection via view.php arrange and p Parameters
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters.
CVE-2005-3925 EXPLOITDB text WRITEUP
Central Manchester CLC Helpdesk Issue Manager <= 0.9 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
CVE-2005-3816 EXPLOITDB text WRITEUP
freeForum < 1.1 - SQL Injection via Cat or Thread Parameter
Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.
CVE-2005-3925 EXPLOITDB text WRITEUP
Central Manchester CLC Helpdesk Issue Manager <= 0.9 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
CVE-2005-4365 EXPLOITDB text WRITEUP
FLIP 0.9.0.1029 - Cross-Site Scripting via Name Parameter and Frame Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
CVE-2005-4302 EXPLOITDB text WRITEUP
ezDatabase < 2.1.2 - Directory Traversal via p Parameter
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.