Cyb3r-1sT

59 exploits Active since May 2008
CVE-2008-2457 EXPLOITDB text WORKING POC
bitmixsoft php-jokesite 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-7080 EXPLOITDB text WRITEUP
PHP Classifieds Script - Unauthenticated Sensitive Information Exposure via Direct Request
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
CVE-2008-6225 EXPLOITDB text WORKING POC
Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
CVE-2008-5046 EXPLOITDB text WORKING POC
Mole Group Pizza Script - SQL Injection via manufacturers_id Parameter
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.
CVE-2008-6484 EXPLOITDB text WRITEUP
Mole Group Taxi Calc Dist Script - SQL Injection via login.php User Field
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2008-4376 EXPLOITDB text WORKING POC
Live TV Script - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-6050 EXPLOITDB text WORKING POC
Joomla! com_tech_article 1.0 - SQL Injection
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
CVE-2009-0329 EXPLOITDB perl WORKING POC
PcCookBook - Joomla! - SQL Injection
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
CVE-2009-0379 EXPLOITDB php WORKING POC
Joomla! com_pcchess - SQL Injection
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2009-1736 EXPLOITDB php WORKING POC
Joomla com_gsticketsystem - SQL Injection via catid Parameter
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
CVE-2009-0421 EXPLOITDB php WORKING POC
Joomla com_eventing 1.6.x - SQL Injection via catid Parameter
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-2567 EXPLOITDB text WORKING POC
Joomla! com_aclassf <5.6.2 - SQL Injection
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108328 EXPLOITDB php WORKING POC
Joomla! Component com_digistore - 'pid' Blind SQL Injection
CVE-2009-0333 EXPLOITDB php WORKING POC
Joomla com_waticketsystem - SQL Injection via catid Parameter
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
EIP-2026-107713 EXPLOITDB text WORKING POC
IBS 0.15 - 'Username' Cross-Site Scripting
EIP-2026-108109 EXPLOITDB text SUSPICIOUS
Job2C 4.2 - 'profile' Arbitrary File Upload
EIP-2026-108107 EXPLOITDB text WORKING POC
Job2C - 'conf.inc' Configuration File Disclosure
EIP-2026-107711 EXPLOITDB text WRITEUP
iBoutique.MALL 1.2 - 'cat' Blind SQL Injection
EIP-2026-107513 EXPLOITDB text WORKING POC
GS Real Estate Portal - Multiple SQL Injections
CVE-2008-6155 EXPLOITDB text WORKING POC
Hispah Text Links Ads 1.1 - SQL Injection via idtl Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2537 EXPLOITDB text WORKING POC
HispaH Model Search - SQL Injection via cat Parameter
SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-5174 EXPLOITDB text WORKING POC
Jokes Complete Website 2.1.3 - SQL Injection
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
CVE-2008-6608 EXPLOITDB text WORKING POC
DevelopItEasy Events Calendar 1.2 - SQL Injection via User Name, User Pass, or ID Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1665 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Unauthenticated Arbitrary User Account Deletion via myaccount.php
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
CVE-2008-5169 EXPLOITDB text WORKING POC
Drinks Complete Website 2.1.0 - SQL Injection
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.