r0t

258 exploits Active since Oct 2000
CVE-2006-1428 EXPLOITDB text WRITEUP
phpCOIN <1.2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
CVE-2006-1825 EXPLOITDB text WRITEUP
Phplinks < 2.1.3.1 - XSS
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
EIP-2026-111139 EXPLOITDB text WRITEUP
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
EIP-2026-110714 EXPLOITDB text WRITEUP
PHP Labs Survey Wizard - SQL Injection
EIP-2026-110529 EXPLOITDB text WRITEUP
PDJK-support Suite 1.1 - Multiple SQL Injections
CVE-2005-3878 EXPLOITDB text WRITEUP
Alex King Php Doc System < 1.5.1 - Path Traversal
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
EIP-2026-110019 EXPLOITDB text WRITEUP
ODFaq 2.1 - 'faq.php' SQL Injection
EIP-2026-110036 EXPLOITDB text WRITEUP
OmnistarLive 5.2 - Multiple SQL Injections
CVE-2006-3009 EXPLOITDB text WRITEUP
OBM 1.0.3 pl1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php.
CVE-2005-3932 EXPLOITDB text WRITEUP
O-kiraku Nikki - SQL Injection
SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.
CVE-2006-1098 EXPLOITDB text WRITEUP
Digital Builder NZ Ecommerce - SQL Injection
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
CVE-2006-2140 EXPLOITDB text WRITEUP
Orbitscripts Orbithyip - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
CVE-2005-3941 EXPLOITDB text WRITEUP
Greywyvern Orca Blog < 1.3b - SQL Injection
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
CVE-2005-3942 EXPLOITDB text WRITEUP
Greywyvern Orca Knowledgebase < 2.1b - SQL Injection
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter.
CVE-2005-3940 EXPLOITDB text WRITEUP
Greywyvern Orca Ringmaker < 2.3c - SQL Injection
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.
CVE-2005-3978 EXPLOITDB text WRITEUP
Scriptdevelopers.net Netclassifieds - SQL Injection
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
CVE-2005-3874 EXPLOITDB text WRITEUP
Weaverslave Netzbrett < 1.5.1 - SQL Injection
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.
CVE-2006-1781 EXPLOITDB text WRITEUP
Circle R MTL <1.4.2 - RCE
PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected.
CVE-2006-3245 EXPLOITDB text WRITEUP
mvnForum <1.0 GA - XSS
Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
EIP-2026-109851 EXPLOITDB text WRITEUP
Nelogic Nephp Publisher 4.5.2 - SQL Injection