s3rv3r_hack3r

15 exploits Active since Apr 2006
CVE-2006-4741 EXPLOITDB WORKING POC
IDevSpot PhpLinkExchange 1.0 - RCE
PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
CVE-2006-4747 EXPLOITDB text WRITEUP
IdevSpot TextAds - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2006-4747 EXPLOITDB text WRITEUP
IdevSpot TextAds - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2007-2474 EXPLOITDB text WORKING POC
Turnkey Web Tools SunShop Shopping Cart 4.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.
EIP-2026-111200 EXPLOITDB perl WORKING POC
PHPSelect Submit-A-Link - HTML Injection
CVE-2006-4742 EXPLOITDB text WORKING POC
IDevSpot PhpLinkExchange 1.0 - XSS
Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-4894 EXPLOITDB text WRITEUP
iDevSpot NixieAffiliate <1.9 - XSS
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2006-4884 EXPLOITDB text WRITEUP
IDevSpot iSupport 1.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
EIP-2026-107756 EXPLOITDB text WRITEUP
IDevSpot BizDirectory 1.9 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107758 EXPLOITDB text WORKING POC
IDevSpot iSupport 1.8 - 'index.php' Remote File Inclusion
CVE-2006-4884 EXPLOITDB text WRITEUP
IDevSpot iSupport 1.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4884 EXPLOITDB text WRITEUP
IDevSpot iSupport 1.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-0890 EXPLOITDB text WRITEUP
cPanel WHM <11.0.0 - XSS
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
CVE-2006-1586 EXPLOITDB text WORKING POC
ISP of Egypt SiteMan - SQL Injection
SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter.
EIP-2026-100298 EXPLOITDB text WRITEUP
EasyPage 7 - 'Default.aspx' SQL Injection