AnGeL25dZ

5 exploits Active since Jan 2009
CVE-2009-4798 EXPLOITDB text WRITEUP
Diskos CMS 6.x - SQL Injection via side.asp kat Parameter and Admin Login Fields
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.
CVE-2008-5817 EXPLOITDB text WORKING POC
Web Scribble Solutions webClassifieds 2005 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
CVE-2008-6049 EXPLOITDB text WRITEUP
Rejected
Rejected reason: SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows remote attackers to execute arbitrary SQL commands via the menuID parameter. NOTE: CVE and multiple reliable third parties dispute this issue, since TinyMCE does not contain index.php or any PHP code. This may be an issue in a product that has integrated TinyMCE
EIP-2026-100158 EXPLOITDB text WORKING POC
Back-End CMS 5.0 - 'main.asp?id' SQL Injection
CVE-2009-4799 EXPLOITDB text WRITEUP
Diskos CMS 6.x - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.