the_Edit0r

CVE-2007-1248 EXPLOITDB text WRITEUP

built2go News Manager Blog 1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.

View Code

CVE-2007-1248 EXPLOITDB text WRITEUP

built2go News Manager Blog 1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.

View Code

CVE-2007-2310 EXPLOITDB text WORKING POC

bloofoxcms 0.2.2 - Cross-Site Scripting via img_url Parameter

Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.

View Code

CVE-2006-6020 EXPLOITDB text WRITEUP

Blog Torrent Preview 0.92 - Cross-Site Scripting via Announce.php Left Parameter

Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.

View Code

CVE-2007-2857 EXPLOITDB text WRITEUP

ABC Excel Parser Pro < 4.0 - Remote File Inclusion via Parser Path Parameter

PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.

View Code