r0t3d3Vil

117 exploits Active since Nov 2005
CVE-2005-4307 EXPLOITDB text WRITEUP
ScareCrow <2.13 - XSS
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
CVE-2005-4307 EXPLOITDB text WRITEUP
ScareCrow <2.13 - XSS
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
CVE-2005-4307 EXPLOITDB text WRITEUP
ScareCrow <2.13 - XSS
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
CVE-2005-4314 EXPLOITDB text WORKING POC
PPCal Shopping Cart <3.3.0 - XSS
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
CVE-2005-4293 EXPLOITDB text WORKING POC
ClickCartPro <5.1 - XSS
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
CVE-2005-4289 EXPLOITDB text WORKING POC
Edatcat Shopping Cart System - XSS
Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter.
CVE-2005-4291 EXPLOITDB text WORKING POC
ECTOOLS Onlineshop <1.0 - XSS
Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.
CVE-2005-4285 EXPLOITDB text WORKING POC
Dick Copits Pdestore < 1.8 - XSS
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
CVE-2005-4488 EXPLOITDB text WRITEUP
Redakto WCMS <3.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.
CVE-2005-4333 EXPLOITDB text WRITEUP
Binary Board System <0.2.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
CVE-2005-4333 EXPLOITDB text WRITEUP
Binary Board System <0.2.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
CVE-2005-4333 EXPLOITDB text WRITEUP
Binary Board System <0.2.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
CVE-2005-4299 EXPLOITDB text WORKING POC
Atlant Pro <4.02 - XSS
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.
CVE-2005-4298 EXPLOITDB text WORKING POC
AtlantForum <4.02 - XSS
Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters.
CVE-2005-4419 EXPLOITDB text WRITEUP
Honeycomb Archive <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
CVE-2005-4574 EXPLOITDB text WORKING POC
PaperThin CommonSpot <4.5 - XSS
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
CVE-2005-4486 EXPLOITDB text WRITEUP
Quantum Art QP7.Enterprise - SQL Injection
SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp
CVE-2005-4205 EXPLOITDB text WRITEUP
Locazolist Classifieds < 1.03c - XSS
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
EIP-2026-100698 EXPLOITDB text WRITEUP
E-Publish 2.0 - Multiple Input Validation Vulnerabilities
EIP-2026-100697 EXPLOITDB text WRITEUP
Community Enterprise 4.x - Multiple Input Validation Vulnerabilities
CVE-2006-1372 EXPLOITDB text WRITEUP
1WebCalendar <4.0 - SQL Injection
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
CVE-2006-1372 EXPLOITDB text WRITEUP
1WebCalendar <4.0 - SQL Injection
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
CVE-2006-1372 EXPLOITDB text WRITEUP
1WebCalendar <4.0 - SQL Injection
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
CVE-2005-4497 EXPLOITDB text WRITEUP
Tangora Portal CMS <4.0 - XSS
Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.
CVE-2005-3998 EXPLOITDB text WRITEUP
Solupress News < 1.0 - XSS
Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.