r0t

258 exploits Active since Oct 2000
CVE-2006-1965 EXPLOITDB text WRITEUP
Aasi Media Net Clubs Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.
CVE-2006-1709 EXPLOITDB text WORKING POC
interaktiv.shop 5 - XSS
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2006-1943 EXPLOITDB text WRITEUP
Smarter Scripts Intellilink Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.
CVE-2006-1943 EXPLOITDB text WRITEUP
Smarter Scripts Intellilink Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.
CVE-2005-4032 EXPLOITDB text WRITEUP
Easy Search System <1.1 - XSS
Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-1944 EXPLOITDB text WRITEUP
Sibsoft Communimail < 1.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
CVE-2006-1944 EXPLOITDB text WRITEUP
Sibsoft Communimail < 1.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
CVE-2006-1404 EXPLOITDB text WRITEUP
BlankOL <1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter.
CVE-2006-1950 EXPLOITDB text WRITEUP
Perlcoders Group Bannerfarm - XSS
Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.
CVE-2006-3682 EXPLOITDB text WRITEUP
AWStats 6.5 <1.857 - Info Disclosure
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
CVE-2006-1945 EXPLOITDB text WORKING POC
Awstats < 6.5_1.857 - XSS
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
CVE-2006-1486 EXPLOITDB text WORKING POC
realestateZONE 4.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.
CVE-2005-4073 EXPLOITDB text WRITEUP
Cfmagic Magic List Pro < 2.5 - SQL Injection
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.
CVE-2005-4071 EXPLOITDB text WRITEUP
Cfmagic Magic Forum Personal < 2.5 - SQL Injection
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
CVE-2005-4071 EXPLOITDB text WRITEUP
Cfmagic Magic Forum Personal < 2.5 - SQL Injection
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
CVE-2005-4177 EXPLOITDB text WRITEUP
Cfmagic Magic Book Personal - XSS
Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.
CVE-2006-1567 EXPLOITDB text WRITEUP
SiteSearch Indexer <3.5 - XSS
Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter.
CVE-2006-1489 EXPLOITDB text WRITEUP
FusionZONE CouponZONE <4.2 - SQL Injection
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters.
CVE-2006-1431 EXPLOITDB text WRITEUP
fusionZONE couponZONE 4.2 - XSS
Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters.
CVE-2006-1429 EXPLOITDB text WORKING POC
classifiedZONE 1.2- - XSS
Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter.
CVE-2005-4074 EXPLOITDB text WRITEUP
Mycfnuke CF Nuke - Path Traversal
Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters.
CVE-2005-4075 EXPLOITDB text WORKING POC
Mycfnuke CF Nuke < 4.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector.
CVE-2006-2046 EXPLOITDB text WRITEUP
Application Dynamics Cartweaver Coldfusion < 2.16.11 - SQL Injection
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
CVE-2006-1407 EXPLOITDB text WRITEUP
Helm Web Hosting Control Panel <3.2.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
CVE-2006-1407 EXPLOITDB text WRITEUP
Helm Web Hosting Control Panel <3.2.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.