Aria-Security Team

88 exploits Active since Mar 2004
CVE-2006-6207 EXPLOITDB text WRITEUP
Evolve Merchant - SQL Injection via products.asp partno Parameter
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error
CVE-2006-6367 EXPLOITDB text WRITEUP
DUware DUdownload <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
CVE-2006-6355 EXPLOITDB text WRITEUP
DuWare DuClassmate - SQL Injection via iCity Parameter
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
CVE-2006-7118 EXPLOITDB text WRITEUP
DMXReady Site Engine Manager 1.0 - SQL Injection via mid Parameter
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
EIP-2026-100216 EXPLOITDB text WRITEUP
CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection
CVE-2006-6181 EXPLOITDB text WRITEUP
ClickTech ClickContact - SQL Injection via AlphaSort, In, or orderby Parameters
Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters.
CVE-2006-6189 EXPLOITDB text WRITEUP
ClickTech ClickBlog - SQL Injection via displayCalendar.asp Date Parameter
SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter.
EIP-2026-100202 EXPLOITDB text WORKING POC
Click&BaneX - 'Details.asp' SQL Injection
EIP-2026-100201 EXPLOITDB text WRITEUP
Click Gallery - Multiple Input Validation Vulnerabilities
EIP-2026-100159 EXPLOITDB text WRITEUP
Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
EIP-2026-100133 EXPLOITDB text WRITEUP
ASPIntranet 2.1 - Multiple SQL Injections
CVE-2006-5987 EXPLOITDB text WRITEUP
aspintranet - SQL Injection via default.asp a Parameter
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
CVE-2006-6210 EXPLOITDB text WRITEUP
iisworks asp_listpics 5.0 - SQL Injection via ID Parameter
SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.