r0t

258 exploits Active since Oct 2000
CVE-2006-2182 EXPLOITDB perl WORKING POC
albinator <= 2.0.8 - Remote File Inclusion via Config_rootdir Parameter
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
CVE-2005-3855 EXPLOITDB text WRITEUP
1-2-3 music store - SQL Injection via AlbumID Parameter
SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
CVE-2006-1374 EXPLOITDB text WRITEUP
AdMan 1.0.20051221- - SQL Injection
SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.
CVE-2000-0751 EXPLOITDB text WRITEUP
NetBSD and OpenBSD - Remote Code Execution via Format String Injection in mopd
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
CVE-2006-1487 EXPLOITDB text WRITEUP
ActiveCampaign SupportTrio 2.50.2 - XSS
Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module.
CVE-2005-3933 EXPLOITDB text WRITEUP
88script Event Calendar 2.0 - SQL Injection via m Parameter
SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
EIP-2026-104223 EXPLOITDB text WORKING POC
DirectAdmin 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting
EIP-2026-102372 EXPLOITDB text WRITEUP
H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-3966 EXPLOITDB text WORKING POC
Java Search Engine 0.9.34 - Cross-Site Scripting via q Parameter
Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-1580 EXPLOITDB text WRITEUP
Bugzero < 4.3.1 - Cross-Site Scripting via msg Parameter in query.jsp and entryId Parameter in edit.jsp
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp.
CVE-2006-1580 EXPLOITDB text WRITEUP
Bugzero < 4.3.1 - Cross-Site Scripting via msg Parameter in query.jsp and entryId Parameter in edit.jsp
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp.
CVE-2009-2216 EXPLOITDB MEDIUM text WORKING POC
DirectAdmin < 1.33.6 - Cross-Site Scripting via CMD_REDIRECT URI Parameter
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
CVSS 6.1
CVE-2005-4091 EXPLOITDB text WRITEUP
1-script 1-Search 1.8 - Cross-Site Scripting via q Parameter
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-1849 EXPLOITDB text WRITEUP
xFlow < 5.46.11 - SQL Injection via Position or ID Parameter
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
CVE-2006-1850 EXPLOITDB text WRITEUP
xFlow < 5.46.11 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
CVE-2006-1427 EXPLOITDB text WRITEUP
WebAPP <= 0.9.9.3.2 - Cross-Site Scripting via Multiple CGI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVE-2006-1427 EXPLOITDB text WRITEUP
WebAPP <= 0.9.9.3.2 - Cross-Site Scripting via Multiple CGI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVE-2006-1946 EXPLOITDB text WRITEUP
visale < 1.0 - Cross-Site Scripting via keyval, catsubno, or listno Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.
CVE-2006-1946 EXPLOITDB text WRITEUP
visale < 1.0 - Cross-Site Scripting via keyval, catsubno, or listno Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.
CVE-2006-1946 EXPLOITDB text WRITEUP
visale < 1.0 - Cross-Site Scripting via keyval, catsubno, or listno Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.
CVE-2006-1682 EXPLOITDB text WRITEUP
TalentSoft Web+Shop 5.0 - Cross-Site Scripting via deptname Parameter
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
CVE-2005-4485 EXPLOITDB text WRITEUP
ProjectApp < 3.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
EIP-2026-100881 EXPLOITDB text WORKING POC
Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2006-1965 EXPLOITDB text WRITEUP
aasi media Net Clubs Pro - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.
CVE-2006-1965 EXPLOITDB text WRITEUP
aasi media Net Clubs Pro - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.