trueend5

25 exploits, active since Mar 2005
CVE-2007-6079 EXPLOITDB text WRITEUP
bcoos 1.0.10 - Path Traversal
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
CVE-2005-0741 EXPLOITDB text WORKING POC
Yabb - XSS
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
EIP-2026-112990 EXPLOITDB text WORKING POC
vBulletin 3.5.2 - Event Title HTML Injection
CVE-2005-4139 EXPLOITDB text WRITEUP
Thwboard Beta - SQL Injection
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVE-2005-4139 EXPLOITDB text WRITEUP
Thwboard Beta - SQL Injection
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVE-2005-4139 EXPLOITDB text WRITEUP
Thwboard Beta - SQL Injection
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
EIP-2026-111827 EXPLOITDB php SCANNER
RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite
EIP-2026-111828 EXPLOITDB text WRITEUP
RunCMS 1.6 - Local File Inclusion
CVE-2005-3770 EXPLOITDB text WRITEUP
Phppost - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.
CVE-2005-3770 EXPLOITDB text WRITEUP
Phppost - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.
CVE-2005-2979 EXPLOITDB text WRITEUP
phpoutsourcing Noah's classifieds - SQL Injection
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter.
CVE-2006-0880 EXPLOITDB text WORKING POC
Phpoutsourcing Noahs Classifieds - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.
CVE-2006-0881 EXPLOITDB text WRITEUP
Noah's Classifieds 1.3 - RCE
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.
CVE-2006-0882 EXPLOITDB text WORKING POC
Phpoutsourcing Noahs Classifieds - Path Traversal
Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.
CVE-2006-0879 EXPLOITDB text WORKING POC
Phpoutsourcing Noahs Classifieds - SQL Injection
SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
CVE-2005-2980 EXPLOITDB text WORKING POC
phpoutsourcing Noah's classifieds <1.3 - XSS
Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter.
EIP-2026-109946 EXPLOITDB php WORKING POC
Noahs Classifieds 1.3 - 'lowerTemplate' Remote Code Execution
EIP-2026-108832 EXPLOITDB php WORKING POC
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes
EIP-2026-108168 EXPLOITDB php WORKING POC
Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service
CVE-2006-2699 EXPLOITDB text WRITEUP
Geeklog - XSS
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
CVE-2005-3638 EXPLOITDB text WORKING POC
Ekinboard - XSS
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
CVE-2007-6080 EXPLOITDB text WRITEUP
bcoos <1.0.13 - SQL Injection
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
CVE-2005-4461 EXPLOITDB text WRITEUP
Beehive Forum <0.6.2 - SQL Injection
SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.
CVE-2006-1224 EXPLOITDB php WORKING POC
GuppY 4.5.11 - Path Traversal
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
EIP-2026-100481 EXPLOITDB text WRITEUP
PersianBlog - 'Userslist.asp' SQL Injection