r0t

258 exploits Active since Oct 2000
CVE-2006-1414 EXPLOITDB text WRITEUP
Toast Forums <= 1.6 - Cross-Site Scripting via Author, Subject, Message, or Dayprune Parameter
Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in Toast Forums 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, (3) message, or (4) dayprune parameter.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4482 EXPLOITDB text WRITEUP
PortalApp 3.3 - Cross-Site Scripting via ret_page Parameter
Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
CVE-2006-1417 EXPLOITDB text WRITEUP
Caloris Planitia Online Quiz System <1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
CVE-2006-1417 EXPLOITDB text WRITEUP
Caloris Planitia Online Quiz System <1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
CVE-2005-4063 EXPLOITDB text WRITEUP
netauctionhelp < 3.0 - Cross-Site Scripting via search.asp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.
CVE-2006-2955 EXPLOITDB text WRITEUP
kaphotoservice < 7.5 - Cross-Site Scripting via newcategory/apage/cat/albumid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2006-2955 EXPLOITDB text WRITEUP
kaphotoservice < 7.5 - Cross-Site Scripting via newcategory/apage/cat/albumid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2006-2955 EXPLOITDB text WRITEUP
kaphotoservice < 7.5 - Cross-Site Scripting via newcategory/apage/cat/albumid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2005-4484 EXPLOITDB text WRITEUP
IntranetApp < 3.3 - Cross-Site Scripting via login.asp ret_page or content.asp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp.
CVE-2005-4484 EXPLOITDB text WRITEUP
IntranetApp < 3.3 - Cross-Site Scripting via login.asp ret_page or content.asp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp.
CVE-2005-4047 EXPLOITDB text WORKING POC
IISWorks ASPKnowledgeBase 2.0 - Cross-Site Scripting via kb.asp a Parameter
Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.
CVE-2005-4483 EXPLOITDB text WRITEUP
SiteEnable < 3.3 - Cross-Site Scripting via ret_page Parameter
Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
CVE-2005-4060 EXPLOITDB text WRITEUP
rwAuction Pro 4.0 and 5.0 - Cross-Site Scripting via searchtxt Parameter
Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4064 EXPLOITDB text WRITEUP
A-FAQ 1.0 - SQL Injection via faqid or catcode Parameter
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
CVE-2005-4064 EXPLOITDB text WRITEUP
A-FAQ 1.0 - SQL Injection via faqid or catcode Parameter
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
CVE-2006-2179 EXPLOITDB text WRITEUP
Smartwin Technology Cyberoffice Warehouse Builder - SQL Injection
Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.
CVE-2006-2178 EXPLOITDB text WRITEUP
CyberOffice Warehouse Builder - Cross-Site Scripting via SessionID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.
CVE-2006-1418 EXPLOITDB text WRITEUP
Caloris Planitia E-School Mgt Sys <1.0 - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-4378 EXPLOITDB text WRITEUP
Baseline CMS < 1.95 - SQL Injection via SiteNodeID Parameter
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter.