Ariko-Security

17 exploits Active since Feb 2010
CVE-2010-4631 EXPLOITDB text WRITEUP
pilot_cart 7.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
CVE-2010-2316 EXPLOITDB text WRITEUP
wmscms < 2.0 - Cross-Site Scripting via search, sbr, p, or sbl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
EIP-2026-113437 EXPLOITDB text WRITEUP
Wild CMS - SQL Injection
CVE-2010-2317 EXPLOITDB text WRITEUP
WmsCms < 2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
EIP-2026-113062 EXPLOITDB text WRITEUP
ViArt Shop 4.0.5 - Multiple Vulnerabilities
EIP-2026-113239 EXPLOITDB text WRITEUP
WebAdministrator Lite CMS - SQL Injection
EIP-2026-113228 EXPLOITDB text WRITEUP
Web-Ideas Web Shop Standard - SQL Injection
CVE-2014-9558 EXPLOITDB CRITICAL text WRITEUP
SmartCMS 2 - SQL Injection
Multiple SQL injection vulnerabilities in SmartCMS v.2.
CVSS 9.8
EIP-2026-112021 EXPLOITDB text WRITEUP
Shop a la Cart - Multiple Vulnerabilities
CVE-2010-0671 EXPLOITDB text WRITEUP
KR MEDIA Pogodny CMS - SQL Injection via id Parameter in niusy Action
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
CVE-2012-4928 EXPLOITDB text WORKING POC
Oxwall 1.1.1 - Cross-Site Scripting via Plugin Parameter
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
EIP-2026-107703 EXPLOITDB text WRITEUP
I-Vision CMS - Cross-Site Scripting / SQL Injection
EIP-2026-106562 EXPLOITDB text WRITEUP
DPScms - 'q' SQL Injection / Cross-Site Scripting
EIP-2026-106227 EXPLOITDB text WORKING POC
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105158 EXPLOITDB text WRITEUP
Amelia CMS - SQL Injection
EIP-2026-105195 EXPLOITDB text WRITEUP
apemCMS - SQL Injection
CVE-2010-4632 EXPLOITDB text WRITEUP
pilot_cart 7.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.