s4r4d0

9 exploits Active since Dec 2009
CVE-2009-4713 EXPLOITDB WORKING POC
XOOPS Celepar Qas Module - Stored Cross-Site Scripting via cod_categoria and opcao Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
CVE-2009-4698 EXPLOITDB text WORKING POC
XOOPS Celepar Qas Module - SQL Injection via codigo or cod_categoria Parameter
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
CVE-2009-4714 EXPLOITDB text WORKING POC
XOOPS Celepar Quiz Module - Cross-Site Scripting via PATH_INFO to cadastro_usuario.php
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
CVE-2009-4512 EXPLOITDB text WORKING POC
Oscailt 3.3 - Unauthenticated Local File Inclusion via obj_id Parameter
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
EIP-2026-107561 EXPLOITDB text WORKING POC
HAWHAW - 'newsread.php' SQL Injection
EIP-2026-106874 EXPLOITDB text WRITEUP
eNdonesia CMS 8.4 - Local File Inclusion
EIP-2026-106470 EXPLOITDB text WORKING POC
Discuz! 6.0 - 'tid' Cross-Site Scripting
EIP-2026-106355 EXPLOITDB text WORKING POC
Data 1 Systems UltraBB 1.17 - 'view_post.php' Cross-Site Scripting
CVE-2009-4360 EXPLOITDB text WORKING POC
XOOPS 0.5 - Content Module - SQL Injection
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.