r0t3d3Vil

117 exploits Active since Nov 2005
CVE-2005-4307 EXPLOITDB text WRITEUP
ScareCrow < 2.13 - Cross-Site Scripting via Forum or User Parameter
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
CVE-2005-4314 EXPLOITDB text WORKING POC
ppcal_shopping_cart < 3.3.0 - Cross-Site Scripting via stop and user Parameters
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
CVE-2005-4293 EXPLOITDB text WORKING POC
ClickCartPro 5.1 - Cross-Site Scripting via affl Parameter
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
CVE-2005-4289 EXPLOITDB text WORKING POC
edatcat_shopping_cart_system 0.3 - Cross-Site Scripting via user_action Parameter
Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter.
CVE-2005-4291 EXPLOITDB text WORKING POC
ECTOOLS Onlineshop <= 1.0 - Cross-Site Scripting via cart.cgi Parameters
Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.
CVE-2005-4285 EXPLOITDB text WORKING POC
Dick Copits PDEstore < 1.8 - Cross-Site Scripting via Search Module, Product, or Cart ID Parameters
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
CVE-2005-4488 EXPLOITDB text WRITEUP
Redakto WCMS < 3.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.
CVE-2005-4333 EXPLOITDB text WRITEUP
Binary Board System < 0.2.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
CVE-2005-4299 EXPLOITDB text WORKING POC
Atlant Pro < 4.02 - Cross-Site Scripting via before or ct Parameters
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.
CVE-2005-4298 EXPLOITDB text WORKING POC
AtlantForum < 4.02 - Cross-Site Scripting via sch_allsubct, before, or ct Parameters
Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters.
CVE-2005-4419 EXPLOITDB text WRITEUP
Honeycomb Archive < 3.0 - SQL Injection
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
CVE-2005-4574 EXPLOITDB text WORKING POC
CommonSpot Content Server <= 4.5 - Cross-Site Scripting via loader.cfm bNewWindow Parameter
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
CVE-2005-4486 EXPLOITDB text WRITEUP
Quantum Art QP7.Enterprise - SQL Injection
SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp.
CVE-2005-4205 EXPLOITDB text WRITEUP
locazolist_classifieds < 1.03c - Cross-Site Scripting via searchdb.asp q Parameter
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
EIP-2026-100698 EXPLOITDB text WRITEUP
E-Publish 2.0 - Multiple Input Validation Vulnerabilities
EIP-2026-100697 EXPLOITDB text WRITEUP
Community Enterprise 4.x - Multiple Input Validation Vulnerabilities
CVE-2006-1372 EXPLOITDB text WRITEUP
1WebCalendar < 4.0 - SQL Injection via EventID, NewsID, or ThisDate Parameter
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
CVE-2005-4497 EXPLOITDB text WRITEUP
Tangora Portal CMS < 4.0 - Cross-Site Scripting via Search Action Parameter
Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.
CVE-2005-3998 EXPLOITDB text WRITEUP
solupress_news < 1.0 - Cross-Site Scripting via search.asp Keywords Parameter
Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.