the_Edit0r

30 exploits, active since Nov 2006
EIP-2026-118685 EXPLOITDB text WORKING POC
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
EIP-2026-115534 EXPLOITDB html WORKING POC
Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow
EIP-2026-114879 EXPLOITDB perl WORKING POC
AiO (All into One) Flash Mixer 3 - '.afp' Crash (PoC)
EIP-2026-115276 EXPLOITDB text WORKING POC
FotoTagger 2.12.0.0 - '.XML' Buffer Overflow (PoC)
EIP-2026-115262 EXPLOITDB perl WORKING POC
FLIP Flash Album Deluxe 1.8.407.1 - '.fft' Crash (PoC)
EIP-2026-114984 EXPLOITDB text WORKING POC
Batch Picture Watemark 1.0 - '.jpg' Local Crash (PoC)
EIP-2026-114364 EXPLOITDB perl WORKING POC
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
CVE-2007-1928 EXPLOITDB text WORKING POC
Witshare - Path Traversal
Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.
CVE-2006-6185 EXPLOITDB text WRITEUP
Wabbit Php Gallery - Path Traversal
Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php.
CVE-2007-2098 EXPLOITDB text WRITEUP
Wabbit Php Gallery - XSS
Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.
CVE-2007-2256 EXPLOITDB text WRITEUP
Tjschat - XSS
Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-2090 EXPLOITDB text WORKING POC
Tumusika Evolution - XSS
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
EIP-2026-112382 EXPLOITDB text WORKING POC
Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-2300 EXPLOITDB text WRITEUP
Surat Kabar Phpwebnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2300 EXPLOITDB text WRITEUP
Surat Kabar Phpwebnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2300 EXPLOITDB text WRITEUP
Surat Kabar Phpwebnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
CVE-2007-2632 EXPLOITDB text WRITEUP
phpMUR 2006.09.13 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
CVE-2006-6951 EXPLOITDB text WORKING POC
Odysseus Blog - XSS
Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2007-1968 EXPLOITDB text WORKING POC
MyBlog <1.6 - RCE
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
CVE-2006-6087 EXPLOITDB text WORKING POC
MY Little Homepage MY Little Weblog - XSS
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2007-2308 EXPLOITDB text WRITEUP
Flowers - XSS
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.
CVE-2006-6211 EXPLOITDB text WORKING POC
Birdblog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
Birdblog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
Birdblog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
CVE-2006-6211 EXPLOITDB text WORKING POC
Birdblog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.