sonyy

22 exploits Active since Feb 2012
CVE-2012-1213 EXPLOITDB text WORKING POC
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
CVE-2012-5225 EXPLOITDB text WORKING POC
xClick Cart 1.0.1 and 1.0.2 - Cross-Site Scripting via shopping_url Parameter
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
EIP-2026-113164 EXPLOITDB text WORKING POC
W-Agora 4.1.6 - 'modules.php?File' Traversal Arbitrary File Access
EIP-2026-113163 EXPLOITDB text WRITEUP
W-Agora 4.1.6 - 'index.php?bn' Traversal Arbitrary File Access
CVE-2012-5321 EXPLOITDB text WRITEUP
TikiWiki CMS/Groupware 8.3 - Frame Injection via URL Parameter
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
CVE-2012-5104 EXPLOITDB text WORKING POC
UBB.threads <= 7.5.6 - Cross-Site Scripting via Loginname Parameter
Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.
EIP-2026-112200 EXPLOITDB text WRITEUP
SkaDate - 'blogs.php' Cross-Site Scripting
CVE-2012-5341 EXPLOITDB text WORKING POC
Otterware StatIt 4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
EIP-2026-112257 EXPLOITDB text WORKING POC
SMW+ 1.5.6 - 'target' HTML Injection
EIP-2026-111660 EXPLOITDB text WORKING POC
RabbitWiki - 'title' Cross-Site Scripting
EIP-2026-111555 EXPLOITDB text WRITEUP
ProWiki - 'id' Cross-Site Scripting
EIP-2026-110543 EXPLOITDB text WORKING POC
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
EIP-2026-110032 EXPLOITDB text WORKING POC
Omnistar Live - Cross-Site Scripting / SQL Injection
EIP-2026-107920 EXPLOITDB text WORKING POC
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting
CVE-2012-1294 EXPLOITDB text WRITEUP
CONTIMEX Impulsio CMS - SQL Injection via id Parameter
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-107406 EXPLOITDB text WORKING POC
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107498 EXPLOITDB text WORKING POC
Gregarius 0.6.1 - Multiple SQL Injections / Cross-Site Scripting
CVE-2012-5295 EXPLOITDB text WORKING POC
FuseTalk Forums < 3.2 - Cross-Site Scripting via login.cfm windowed Parameter
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
EIP-2026-105662 EXPLOITDB text WORKING POC
ButorWiki 3.0 - 'service' Cross-Site Scripting
EIP-2026-105583 EXPLOITDB text WORKING POC
Bontq - 'user/' URI Cross-Site Scripting
EIP-2026-102380 EXPLOITDB text WRITEUP
JaWiki - 'versionNo' Cross-Site Scripting
EIP-2026-102379 EXPLOITDB text WORKING POC
JavaBB 0.99 - 'userId' Cross-Site Scripting