the_Edit0r

30 exploits, active since Nov 2006
EIP-2026-118685 EXPLOITDB text WORKING POC
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
EIP-2026-115534 EXPLOITDB html WORKING POC
Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow
EIP-2026-114879 EXPLOITDB perl WORKING POC
AiO (All into One) Flash Mixer 3 - '.afp' Crash (PoC)
EIP-2026-115276 EXPLOITDB text WORKING POC
FotoTagger 2.12.0.0 - '.XML' Buffer Overflow (PoC)
EIP-2026-115262 EXPLOITDB perl WORKING POC
FLIP Flash Album Deluxe 1.8.407.1 - '.fft' Crash (PoC)
EIP-2026-114984 EXPLOITDB text WORKING POC
Batch Picture Watemark 1.0 - '.jpg' Local Crash (PoC)
EIP-2026-114364 EXPLOITDB perl WORKING POC
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
CVE-2007-1928 EXPLOITDB text WORKING POC
witshare 0.9 - Directory Traversal via Menu Parameter
Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.
CVE-2006-6185 EXPLOITDB text WRITEUP
Wabbit PHP Gallery 0.9 - Directory Traversal via Dir Parameter
Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php.
CVE-2007-2098 EXPLOITDB text WRITEUP
Wabbit PHP Gallery 0.9 - Cross-Site Scripting via pic or gal Parameter
Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.
CVE-2007-2256 EXPLOITDB text WRITEUP
TJSChat 0.95 - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-2090 EXPLOITDB text WORKING POC
TuMusika Evolution 1.6 - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
EIP-2026-112382 EXPLOITDB text WORKING POC
Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-2300 EXPLOITDB text WRITEUP
phpwebnews <= 0.2 - Cross-Site Scripting via m_txt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2300 EXPLOITDB text WRITEUP
phpwebnews <= 0.2 - Cross-Site Scripting via m_txt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2300 EXPLOITDB text WRITEUP
phpwebnews <= 0.2 - Cross-Site Scripting via m_txt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2632 EXPLOITDB text WRITEUP
PHP Multi User Randomizer 2006.09.13 - Cross-Site Scripting via edit_plugin Parameter or Array Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
CVE-2006-6951 EXPLOITDB text WORKING POC
OdysseusBlog - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2007-1968 EXPLOITDB text WORKING POC
MyBlog <1.6 - Remote Code Execution
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
CVE-2006-6087 EXPLOITDB text WORKING POC
my_little_weblog - Cross-Site Scripting via Action Parameter
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2007-2308 EXPLOITDB text WRITEUP
FloweRS 2.0 - Cross-Site Scripting via rok Parameter
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.
CVE-2006-6211 EXPLOITDB text WORKING POC
BirdBlog 1.4.0 - Stored Cross-Site Scripting via msg, month, or page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
BirdBlog 1.4.0 - Stored Cross-Site Scripting via msg, month, or page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
BirdBlog 1.4.0 - Stored Cross-Site Scripting via msg, month, or page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
BirdBlog 1.4.0 - Stored Cross-Site Scripting via msg, month, or page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.