r0t3d3Vil

117 exploits, active since Nov 2005
CVE-2005-4365 EXPLOITDB text WRITEUP
FLIP 0.9.0.1029 - Cross-Site Scripting via Name Parameter and Frame Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
CVE-2005-3846 EXPLOITDB text WRITEUP
Fantastic News < 2.1.1 - SQL Injection via Category Parameter
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
EIP-2026-107010 EXPLOITDB text WORKING POC
EZDatabaseRemote 2.0 - PHP Script Code Execution
CVE-2005-4302 EXPLOITDB text WRITEUP
ezDatabase < 2.1.2 - Directory Traversal via p Parameter
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
CVE-2005-4303 EXPLOITDB text WRITEUP
ezDatabase < 2.1.2 - SQL Injection via db_id Parameter
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
CVE-2005-3845 EXPLOITDB text WRITEUP
EZ Invoice Inc 2.0 - SQL Injection via invoices.php i Parameter
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email [email protected] and EZI will email you the patch to fix this small issue."
CVE-2005-4254 EXPLOITDB text WRITEUP
DreamLevels DreamPoll 3.0 final - SQL Injection via view_Results.php id Parameter
SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4311 EXPLOITDB text WRITEUP
dcscripts dcforum - Cross-Site Scripting via dcboard.php Page Parameter
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
CVE-2005-4429 EXPLOITDB text WRITEUP
CS-Cart 1.3.0 - SQL Injection via sort_by or sort_order Parameters
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
CVE-2005-4385 EXPLOITDB text WRITEUP
Cofax 2.0 RC3 - Cross-Site Scripting via Search String Parameter
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
EIP-2026-106082 EXPLOITDB text WRITEUP
CommodityRentals 2.0 - SQL Injection
EIP-2026-106194 EXPLOITDB text WORKING POC
CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-4049 EXPLOITDB text WRITEUP
Blog System 1.2 - SQL Injection via cat or note Parameter
Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.
CVE-2005-4381 EXPLOITDB text WRITEUP
Caravel CMS < 3.0_beta_1 - Cross-Site Scripting via fileDN and folderviewer_attrs Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.
CVE-2005-4375 EXPLOITDB text WRITEUP
Amaxus < 3 - Cross-Site Scripting via Change Parameter
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376.
CVE-2005-4596 EXPLOITDB text WRITEUP
AdesGuestbook 2.0 - Cross-Site Scripting via totalRows_rsRead Parameter
Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.
CVE-2005-3914 EXPLOITDB text WRITEUP
AFFcommerce 1.1.4 - SQL Injection via cl Parameter and item_id Parameter
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
CVE-2005-4476 EXPLOITDB text WRITEUP
OpenEdit < 4.0 - Cross-Site Scripting via oe-action or page Parameters
Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters.
CVE-2005-4576 EXPLOITDB text WRITEUP
Fatwire UpdateEngine < 6.2 - Cross-Site Scripting via COUNTRYNAME, EMAIL, or FUELAP_TEMPLATENAME Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters.
CVE-2005-4306 EXPLOITDB text WRITEUP
SiteNet BBS < 2.0 - Cross-Site Scripting via netboardr.cgi and search.cgi Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi.
CVE-2005-4328 EXPLOITDB text WRITEUP
Webglimpse <= 2.14.1 - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
CVE-2005-4290 EXPLOITDB text WORKING POC
ECW-Cart < 2.03 - Cross-Site Scripting via kword, max, min, comp, or f Parameters
Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.