Bl@ckbe@rD

25 exploits Active since Dec 2004
CVE-2009-2242 EXPLOITDB text WORKING POC
ASP Inline Corporate Calendar - SQL Injection
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2009-2241 EXPLOITDB text WORKING POC
ASP Inline Corporate Calendar - XSS
Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-6258 EXPLOITDB text WORKING POC
QuadComm Q-Shop 3.0 - SQL Injection via UserID or Pwd Parameter
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.
CVE-2008-5192 EXPLOITDB text WORKING POC
Philboard 1.14 and 1.2 - SQL Injection via forum.asp forumid Parameter
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
CVE-2008-5273 EXPLOITDB text WORKING POC
Todd Woolums ASP News Mgmt 2.2 - SQL Injection
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
EIP-2026-115224 EXPLOITDB html WORKING POC
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
CVE-2004-1552 EXPLOITDB text WORKING POC
aspWebCalendar - SQL Injection via Username Field or EventID Parameter
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
CVE-2009-1945 EXPLOITDB text WORKING POC
WebCal 3.04 - SQL Injection via event_id Parameter
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
EIP-2026-113211 EXPLOITDB text WORKING POC
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
CVE-2008-5193 EXPLOITDB text WORKING POC
Philboard 1.14 and 1.2 - Cross-Site Scripting via search.asp searchterms Parameter
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
CVE-2008-7049 EXPLOITDB text WORKING POC
NatterChat 1.1 and 1.12 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-6527 EXPLOITDB text WORKING POC
GO4I.NET ASP Forum 1.0 - SQL Injection via iFor Parameter
SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.
CVE-2008-3154 EXPLOITDB perl WORKING POC
WebBlizzard CMS - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-2626 EXPLOITDB text WORKING POC
battleblog <= 1.25 - SQL Injection via comment.asp Entry Parameter
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
EIP-2026-100446 EXPLOITDB text WORKING POC
MVC-Web CMS 1.0/1.2 - 'newsid' SQL Injection
CVE-2009-1950 EXPLOITDB text WORKING POC
WebEyes Guest Book 3 - SQL Injection
SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.
CVE-2008-5274 EXPLOITDB text WORKING POC
Todd Woolums ASP News Management 2.2 - Info Disclosure
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6259 EXPLOITDB text WORKING POC
QuadComm Q-Shop < 3.0 - Cross-Site Scripting via search.asp srkeys Parameter
Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.
CVE-2008-2132 EXPLOITDB text WRITEUP
Systementor PostcardMentor - SQL Injection via cat_fldAuto Parameter
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
EIP-2026-100122 EXPLOITDB text WORKING POC
asp talk - SQL Injection / Cross-Site Scripting
EIP-2026-100284 EXPLOITDB text WORKING POC
DUdForum 3.0 - 'iFor' SQL Injection
CVE-2008-2868 EXPLOITDB text WORKING POC
DUcalendar < 1.0 - SQL Injection via iEve Parameter
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
EIP-2026-100218 EXPLOITDB text WORKING POC
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
CVE-2008-2688 EXPLOITDB text WORKING POC
pilot_cart 7.3 - SQL Injection via Article Parameter
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
CVE-2009-2243 EXPLOITDB text WORKING POC
ASP Inline Corporate Calendar - SQL Injection
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.