599eme Man

42 exploits Active since Jan 2009
CVE-2009-2123 EXPLOITDB text WRITEUP
elvinbts 1.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2011-4808 EXPLOITDB text WRITEUP
HM Community < 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVE-2008-6101 EXPLOITDB text WRITEUP
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
EIP-2026-115350 EXPLOITDB html WORKING POC
Google Chrome 3.0195.38 - Status Bar Obfuscation
EIP-2026-114924 EXPLOITDB html WORKING POC
Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service
EIP-2026-114923 EXPLOITDB html WORKING POC
Apple Safari 4.0.4 - Remote Denial of Service
EIP-2026-113440 EXPLOITDB text WORKING POC
Willscript Auction Website Script - 'category.php' SQL Injection
EIP-2026-112426 EXPLOITDB text WRITEUP
StatsCode - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112199 EXPLOITDB text WORKING POC
SjXjV 2.3 - 'post.php' SQL Injection
CVE-2009-2437 EXPLOITDB text WRITEUP
Rentventory 1.0.1 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.
EIP-2026-111329 EXPLOITDB text WRITEUP
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
CVE-2009-4689 EXPLOITDB text WORKING POC
PHP Shopping Cart Selling Website Script - SQL Injection
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-2885 EXPLOITDB text WORKING POC
PHP Scripts Now World's Tallest Buildings - SQL Injection via bios.php rank Parameter
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2884 EXPLOITDB text WRITEUP
PHP Scripts Now World's Tallest Buildings - Cross-Site Scripting via bios.php rank Parameter
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
EIP-2026-110623 EXPLOITDB text WORKING POC
PhotoPost PHP 3.3.1 - 'cat' Cross-Site Scripting / SQL Injection
CVE-2009-4688 EXPLOITDB text WORKING POC
PHP Shopping Cart Selling Website Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
CVE-2009-4864 EXPLOITDB text WRITEUP
I-Escorts Directory Script and Agency Script - Cross-Site Scripting via search_name or languages Parameter
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-3162 EXPLOITDB text WORKING POC
Multi Website 1.5 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
CVE-2009-4057 EXPLOITDB text WORKING POC
Joomla! com_if_nexus 1.1 - SQL Injection
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
EIP-2026-108908 EXPLOITDB text WRITEUP
Joomla! Extension UIajaxIM 1.1 - JavaScript Execution
CVE-2009-2442 EXPLOITDB text WORKING POC
linea21 1.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.
CVE-2009-3054 EXPLOITDB text WRITEUP
Artetics Art Portal (com_artportal) 1.0 - SQL Injection via Portalid Parameter
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
CVE-2011-4809 EXPLOITDB text WRITEUP
HM Community (com_hmcommunity) < 1.0 - Cross-Site Scripting via Multiple Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
EIP-2026-108575 EXPLOITDB text WRITEUP
Joomla! Component com_user - 'view' Open Redirection
CVE-2009-4475 EXPLOITDB text WORKING POC
Joomlub com_joomlub - SQL Injection via aid Parameter
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.