r0t - Security Researcher - Exploit Intelligence Platform

CVE-2006-1965 EXPLOITDB text WRITEUP

aasi media Net Clubs Pro - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.

View Code

CVE-2006-1709 EXPLOITDB text WORKING POC

interaktiv.shop < 5 - Cross-Site Scripting via pn or sbeg Parameters

Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.

View Code

CVE-2006-1943 EXPLOITDB text WRITEUP

IntelliLink Pro <= 5.06 - Cross-Site Scripting via URL Parameter in addlink_lwp.cgi and ID Parameters in edit.cgi

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.

View Code

CVE-2006-1943 EXPLOITDB text WRITEUP

IntelliLink Pro <= 5.06 - Cross-Site Scripting via URL Parameter in addlink_lwp.cgi and ID Parameters in edit.cgi

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.

View Code

CVE-2005-4032 EXPLOITDB text WRITEUP

Easy Search System <= 1.1 - Cross-Site Scripting via q Parameter

Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.

View Code

CVE-2006-1944 EXPLOITDB text WRITEUP

SibSoft CommuniMail < 1.2 - Cross-Site Scripting via list_id and form_id Parameters

Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.

View Code

CVE-2006-1944 EXPLOITDB text WRITEUP

SibSoft CommuniMail < 1.2 - Cross-Site Scripting via list_id and form_id Parameters

Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.

View Code

CVE-2006-1404 EXPLOITDB text WRITEUP

BlankOL < 1 - Cross-Site Scripting via File or Function Parameter

Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter.

View Code

CVE-2006-1950 EXPLOITDB text WRITEUP

PerlCoders BannerFarm <= 2.3 - Cross-Site Scripting via aff and cat Parameters

Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.

View Code

CVE-2006-3682 EXPLOITDB text WRITEUP

AWStats 6.5 <1.857 - Info Disclosure

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

View Code

CVE-2006-1945 EXPLOITDB text WORKING POC

AWStats < 6.5 - Cross-Site Scripting via Config Parameter

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.

View Code

CVE-2006-1486 EXPLOITDB text WORKING POC

realestateZONE < 4.2 - Cross-Site Scripting via bamin, bemin, pmin, or state Parameters

Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.

View Code

CVE-2005-4073 EXPLOITDB text WRITEUP

CFMagic Magic List Pro < 2.5 - SQL Injection via ListID Parameter

SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.

View Code

CVE-2005-4071 EXPLOITDB text WRITEUP

CFMagic Magic Forum Personal < 2.5 - SQL Injection via ForumID or ThreadID Parameter

Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.

View Code

CVE-2005-4071 EXPLOITDB text WRITEUP

CFMagic Magic Forum Personal < 2.5 - SQL Injection via ForumID or ThreadID Parameter

Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.

View Code

CVE-2005-4177 EXPLOITDB text WRITEUP

Magic Book Personal and Professional 2.0 - Cross-Site Scripting via StartRow Parameter

Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.

View Code

CVE-2006-1567 EXPLOITDB text WRITEUP

SiteSearch Indexer < 3.5 - Cross-Site Scripting via searchField Parameter

Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter.

View Code

CVE-2006-1489 EXPLOITDB text WRITEUP

FusionZONE CouponZONE <4.2 - SQL Injection

Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters.

View Code

CVE-2006-1431 EXPLOITDB text WRITEUP

fusionZONE couponZONE 4.2 - Cross-Site Scripting via local.cfm srchfor and srchby Parameters

Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters.

View Code

CVE-2006-1429 EXPLOITDB text WORKING POC

classifiedZONE < 1.2 - Cross-Site Scripting via rtn Parameter

Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter.

View Code

CVE-2005-4074 EXPLOITDB text WRITEUP

CF_Nuke <= 4.6 - Directory Traversal via Sector or Page Parameter

Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters.

View Code

CVE-2005-4075 EXPLOITDB text WORKING POC

cf_nuke < 4.6 - Cross-Site Scripting via Topic, Newsid, or Cat Parameter

Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector.

View Code

CVE-2006-2046 EXPLOITDB text WRITEUP

Cartweaver ColdFusion < 2.16.11 - SQL Injection via Category, Keywords, or ProdID Parameter

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

View Code

CVE-2006-1407 EXPLOITDB text WRITEUP

Helm Web Hosting Control Panel <3.2.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

View Code

CVE-2006-1407 EXPLOITDB text WRITEUP

Helm Web Hosting Control Panel <3.2.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

View Code