s4mi

13 exploits Active since Oct 2006
CVE-2007-3973 EXPLOITDB perl WORKING POC
JBlog 1.0 - Cross-Site Scripting via id Parameter or search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.
CVE-2007-3974 EXPLOITDB perl WORKING POC
JBlog 1.0 - Unauthenticated Arbitrary Account Creation via admin/ajoutaut.php
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
CVE-2007-3974 EXPLOITDB html WORKING POC
JBlog 1.0 - Unauthenticated Arbitrary Account Creation via admin/ajoutaut.php
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
CVE-2007-3973 EXPLOITDB html WORKING POC
JBlog 1.0 - Cross-Site Scripting via id Parameter or search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.
CVE-2007-3963 EXPLOITDB text WORKING POC
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
CVE-2007-3963 EXPLOITDB text WORKING POC
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
CVE-2007-4956 EXPLOITDB perl WORKING POC
KwsPHP 1.0 - SQL Injection via pseudo Parameter
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVE-2007-4956 EXPLOITDB perl WORKING POC
KwsPHP 1.0 - SQL Injection via pseudo Parameter
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVE-2007-4956 EXPLOITDB perl WORKING POC
KwsPHP 1.0 - SQL Injection via pseudo Parameter
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVE-2007-5458 EXPLOITDB perl WORKING POC
KwsPHP Newsletter Module 1.0 - SQL Injection via Newsletter Parameter
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
CVE-2007-4919 EXPLOITDB html WORKING POC
JBlog 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.
CVE-2007-4919 EXPLOITDB perl WORKING POC
JBlog 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.
CVE-2006-5221 EXPLOITDB perl WORKING POC
Cahier de texte 2.0 - SQL Injection via matiere_ID or classe_ID Parameter
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.