я3d D3v!L

29 exploits Active since Dec 2008
CVE-2008-5638 EXPLOITDB WORKING POC
Active Price Comparison 4 - SQL Injection
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
CVE-2008-5632 EXPLOITDB WORKING POC
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5973 EXPLOITDB text WORKING POC
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-7083 EXPLOITDB text WORKING POC
Revou Micro Blogging Twitter Clone - SQL Injection
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-3175 EXPLOITDB text WORKING POC
Boldfx Model Agency Manager Pro - SQL Injection
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
CVE-2009-0462 EXPLOITDB text WORKING POC
ClickTech ClickCart 6.0 - SQL Injection
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-0297 EXPLOITDB text WORKING POC
ClickAuction - SQL Injection
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-6809 EXPLOITDB text WORKING POC
Bookingcentre Booking System For Hotels Group - SQL Injection
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
CVE-2008-5975 EXPLOITDB text WRITEUP
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5641 EXPLOITDB text WORKING POC
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-6379 EXPLOITDB text WRITEUP
Mxmania Gallery MX - SQL Injection
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3343 EXPLOITDB text WRITEUP
Hotwebscripts Hotweb Rentals - SQL Injection
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
CVE-2008-6366 EXPLOITDB text WORKING POC
Adserversolutions Affiliate Software Java - SQL Injection
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-6889 EXPLOITDB text WRITEUP
Activewebsoftwares Aspreferral - SQL Injection
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
CVE-2008-5634 EXPLOITDB text WORKING POC
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-6378 EXPLOITDB text WRITEUP
Mxmania Calendar MX Professional - SQL Injection
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-5631 EXPLOITDB text WORKING POC
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6364 EXPLOITDB text WRITEUP
Adserversolutions Banner Exchange Software - SQL Injection
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.
CVE-2008-5635 EXPLOITDB text WORKING POC
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-6286 EXPLOITDB text WORKING POC
Activewebsoftwares Active Newsletter - SQL Injection
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
CVE-2008-5958 EXPLOITDB text WRITEUP
Active Test 2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
CVE-2008-5959 EXPLOITDB text WORKING POC
Active Test 2.1 - SQL Injection
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5627 EXPLOITDB text WORKING POC
Active Trade 2 - SQL Injection
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.