r0t

258 exploits Active since Oct 2000
CVE-2006-1428 EXPLOITDB text WRITEUP
phpCOIN <= 1.2.2 - Cross-Site Scripting via fs Parameter
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
CVE-2006-1825 EXPLOITDB text WRITEUP
phpLinks < 2.1.3.1 - Cross-Site Scripting via Term Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
EIP-2026-111139 EXPLOITDB text WRITEUP
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
EIP-2026-110714 EXPLOITDB text WRITEUP
PHP Labs Survey Wizard - SQL Injection
EIP-2026-110529 EXPLOITDB text WRITEUP
PDJK-support Suite 1.1 - Multiple SQL Injections
CVE-2005-3878 EXPLOITDB text WRITEUP
PHP Doc System < 1.5.1 - Directory Traversal via Show Parameter
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
EIP-2026-110019 EXPLOITDB text WRITEUP
ODFaq 2.1 - 'faq.php' SQL Injection
EIP-2026-110036 EXPLOITDB text WRITEUP
OmnistarLive 5.2 - Multiple SQL Injections
CVE-2006-3009 EXPLOITDB text WRITEUP
Open Business Management 1.0.3 pl1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php.
CVE-2005-3932 EXPLOITDB text WRITEUP
O-Kiraku Nikki <= 1.3 - SQL Injection via day_id Parameter
SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.
CVE-2006-1098 EXPLOITDB text WRITEUP
NZ Ecommerce - SQL Injection via informationID or ParentCategory Parameter
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
CVE-2006-2140 EXPLOITDB text WRITEUP
OrbitHYIP 2.0 - Cross-Site Scripting via Referral or ID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
CVE-2005-3941 EXPLOITDB text WRITEUP
Orca Blog < 1.3b - SQL Injection via msg Parameter
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
CVE-2005-3942 EXPLOITDB text WRITEUP
Orca Knowledgebase < 2.1b - SQL Injection via qid Parameter
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter.
CVE-2005-3940 EXPLOITDB text WRITEUP
Orca Ringmaker < 2.3c - SQL Injection via Start Parameter
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.
CVE-2005-3978 EXPLOITDB text WRITEUP
NetClassifieds - SQL Injection via CatID or ItemNum Parameter
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
CVE-2005-3874 EXPLOITDB text WRITEUP
Netzbrett < 1.5.1 - SQL Injection via p_entry Parameter
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.
CVE-2006-1781 EXPLOITDB text WRITEUP
Circle R Monster Top List < 1.4.2 - Remote Code Execution via Root Path Parameter
PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected.
CVE-2006-3245 EXPLOITDB text WRITEUP
mvnForum 1.0 GA - Cross-Site Scripting via Member and Activatecode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
EIP-2026-109851 EXPLOITDB text WRITEUP
Nelogic Nephp Publisher 4.5.2 - SQL Injection