3spi0n

24 exploits Active since May 2008
CVE-2013-5311 EXPLOITDB text WRITEUP
Vastal I-Tech phpVID <1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
CVE-2008-4157 EXPLOITDB text WRITEUP
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-2335 EXPLOITDB text WRITEUP
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
EIP-2026-114555 EXPLOITDB text WORKING POC
YT-Videos Script - 'id' SQL Injection
EIP-2026-114310 EXPLOITDB text WORKING POC
WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting
CVE-2012-6045 EXPLOITDB text WORKING POC
Ramui Forum - Stored Cross-Site Scripting via Query Parameter in gb/user/index.php
Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
EIP-2026-111813 EXPLOITDB text WRITEUP
RTTucson Quotations Database - Multiple Vulnerabilities
EIP-2026-111950 EXPLOITDB text WRITEUP
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
EIP-2026-111951 EXPLOITDB text WRITEUP
Scripts Genie Domain Trader - 'catalog.php?id' SQL Injection
EIP-2026-111952 EXPLOITDB text WRITEUP
Scripts Genie Gallery Personals - 'gallery.php?L' SQL Injection
EIP-2026-111953 EXPLOITDB text WRITEUP
Scripts Genie Games Site Script - 'index.php?id' SQL Injection
EIP-2026-111956 EXPLOITDB text WRITEUP
Scripts Genie Top Sites - 'out.php?id' SQL Injection
CVE-2013-5312 EXPLOITDB text WRITEUP
Vastal phpVID 1.2.3 - Cross-Site Scripting via Browse Videos or Groups Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
CVE-2012-6525 EXPLOITDB text WRITEUP
phpbridges - SQL Injection via id Parameter
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-6524 EXPLOITDB text WRITEUP
powie pGB 2.12 - SQL Injection via kommentar.php id Parameter
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-110544 EXPLOITDB text WORKING POC
Penny Auction 5 - SQL Injection
EIP-2026-110344 EXPLOITDB text WORKING POC
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109515 EXPLOITDB text WRITEUP
MLMAuction Script - 'gallery.php?id' SQL Injection
EIP-2026-109509 EXPLOITDB text WORKING POC
MLM (Multi Level Marketing) Script - Multiple Vulnerabilities
EIP-2026-109221 EXPLOITDB text WORKING POC
Lowest Unique Bid Auction - SQL Injection
EIP-2026-107449 EXPLOITDB text WRITEUP
Godly Forums - 'id' SQL Injection
EIP-2026-106930 EXPLOITDB text WRITEUP
Event Calendar PHP - 'cal_year' Cross-Site Scripting
EIP-2026-105857 EXPLOITDB text WRITEUP
City Directory Review and Rating Script - 'search.php' SQL Injection
EIP-2026-105858 EXPLOITDB text WRITEUP
City Reviewer - 'search.php' Script SQL Injection