я3d D3v!L

29 exploits Active since Dec 2008
CVE-2008-5638 EXPLOITDB WORKING POC
Active Price Comparison 4 - SQL Injection
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
CVE-2008-5632 EXPLOITDB WORKING POC
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5973 EXPLOITDB text WORKING POC
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-7083 EXPLOITDB text WORKING POC
ReVou Micro Blogging Twitter clone - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-3175 EXPLOITDB text WORKING POC
Model Agency Manager PRO - SQL Injection via user_id or id Parameter
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
CVE-2009-0462 EXPLOITDB text WORKING POC
ClickTech ClickCart 6.0 - SQL Injection
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-0297 EXPLOITDB text WORKING POC
ClickAuction - SQL Injection via txtEmail or txtPassword Parameter
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-6809 EXPLOITDB text WORKING POC
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
CVE-2008-5975 EXPLOITDB text WRITEUP
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5641 EXPLOITDB text WORKING POC
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-6379 EXPLOITDB text WRITEUP
Gallery MX 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3343 EXPLOITDB text WRITEUP
HotWeb Rentals - SQL Injection via PropId Parameter
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
CVE-2008-6366 EXPLOITDB text WORKING POC
Ad Server Solutions Affiliate Software Java 4.0 - SQL Injection via Logon.jsp Parameters
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-6889 EXPLOITDB text WRITEUP
ASPreferral 5.3 - SQL Injection via Merchantsadd.asp AccountID Parameter
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
CVE-2008-5634 EXPLOITDB text WORKING POC
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-6378 EXPLOITDB text WRITEUP
Calendar Mx Professional 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-5631 EXPLOITDB text WORKING POC
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6364 EXPLOITDB text WRITEUP
Ad Server Solutions Banner Exchange Solution Java - SQL Injection via Logon Process
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.
CVE-2008-5635 EXPLOITDB text WORKING POC
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-6286 EXPLOITDB text WORKING POC
Active Newsletter 4.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
CVE-2008-5958 EXPLOITDB text WRITEUP
Active Test 2.1 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
CVE-2008-5959 EXPLOITDB text WORKING POC
Active Test 2.1 - SQL Injection via Useremail or Password Parameter
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5627 EXPLOITDB text WORKING POC
Active Trade 2 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.