Aria-Security Team

88 exploits Active since Mar 2004
CVE-2007-6671 EXPLOITDB text WORKING POC
Instant Softwares Dating Site - SQL Injection
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
CVE-2007-6091 EXPLOITDB text WORKING POC
JiRo's Banner System/JUS 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
CVE-2007-4110 EXPLOITDB text WORKING POC
Message Board/Threaded Discussion Forum App Template - SQL Injection
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2006-6209 EXPLOITDB text WRITEUP
MidiCart ASP and ASP Plus Shopping Cart - SQL Injection via id2006quant, maingroup, or secondgroup Parameter
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
EIP-2026-100455 EXPLOITDB text WORKING POC
NetAuctionHelp 4.1 - 'nsearch' SQL Injection
CVE-2007-4208 EXPLOITDB text WORKING POC
Next Gen Portfolio Manager - SQL Injection
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
CVE-2007-4109 EXPLOITDB text WRITEUP
codewidgets Online Event Registration Template - SQL Injection via sign_in.aspx Password Parameter
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4106 EXPLOITDB text WRITEUP
CodeWidgets Pay Roll - Time Sheet and Punch Card App - SQL Injection
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
EIP-2026-100515 EXPLOITDB text WORKING POC
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
EIP-2026-100519 EXPLOITDB text WRITEUP
RBlog 1.0 - 'admin.mdb' Remote Password Disclosure
CVE-2007-4111 EXPLOITDB text WRITEUP
Real Estate listing website app < - SQL Injection
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-5625 EXPLOITDB text WRITEUP
ASP Site Search SearchSimon Lite 1.0 - Cross-Site Scripting via QUERY Parameter
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVE-2006-5936 EXPLOITDB text WRITEUP
SiteXpress E-Commerce System - SQL Injection via dept.asp id Parameter
SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6050 EXPLOITDB text WRITEUP
ClickTech Texas Rank'em - SQL Injection via selPlayer or tournament_id Parameter
Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp.
CVE-2006-6050 EXPLOITDB text WRITEUP
ClickTech Texas Rank'em - SQL Injection via selPlayer or tournament_id Parameter
Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp.
EIP-2026-100594 EXPLOITDB text WRITEUP
UApplication Uguestbook 1.0 - 'index.asp' SQL Injection
CVE-2006-6247 EXPLOITDB text WRITEUP
Uapplication UPhotoGallery 1.1 - SQL Injection via ci Parameter
Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.
CVE-2006-6247 EXPLOITDB text WRITEUP
Uapplication UPhotoGallery 1.1 - SQL Injection via ci Parameter
Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.
CVE-2007-6138 EXPLOITDB text WORKING POC
VU Mass Mailer - SQL Injection via Login Page Password Parameter
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
CVE-2006-6936 EXPLOITDB text WRITEUP
Pensacola WEB Designs Xtremeasp Photogallery - XSS
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
CVE-2006-6937 EXPLOITDB text WRITEUP
Pensacola WEB Designs Xtremeasp Photogallery - SQL Injection
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
EIP-2026-100085 EXPLOITDB text WRITEUP
20/20 Real Estate 3.2 - 'listings.asp' SQL Injection
CVE-2006-6195 EXPLOITDB text WRITEUP
Fixit iDMS Pro Image Gallery - SQL Injection via show_id, parentid, or fid Parameter
Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.
CVE-2006-6195 EXPLOITDB text WRITEUP
Fixit iDMS Pro Image Gallery - SQL Injection via show_id, parentid, or fid Parameter
Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.
CVE-2006-6243 EXPLOITDB text WRITEUP
FipsSHOP < 5.10 - SQL Injection via cat or did Parameter
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.