Dcrab

81 exploits, active since Apr 2005
CVE-2005-1224 EXPLOITDB text WRITEUP
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
CVE-2005-1224 EXPLOITDB text WORKING POC
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
CVE-2005-1236 EXPLOITDB text WRITEUP
DUware DUportal 3.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
CVE-2005-1236 EXPLOITDB text WRITEUP
DUware DUportal 3.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
CVE-2005-1236 EXPLOITDB text WRITEUP
DUware DUportal 3.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
CVE-2005-1236 EXPLOITDB text WRITEUP
DUware DUportal 3.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
EIP-2026-100195 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'TellAFriend.asp' Cross-Site Scripting
EIP-2026-100194 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'searchresults.asp' SKU Argument Cross-Site Scripting
EIP-2026-100193 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'searchresults.asp' PriceTo Argument SQL Injection
EIP-2026-100192 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'searchresults.asp' PriceFrom Argument SQL Injection
EIP-2026-100191 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'searchresults.asp' Name Argument Cross-Site Scripting
EIP-2026-100190 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'searchresults.asp' idcategory Argument SQL Injection
EIP-2026-100189 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'ProductDetails.asp' SQL Injection
EIP-2026-100188 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'ProductCatalogSubCats.asp' SQL Injection
EIP-2026-100187 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'login.asp' Redirect Argument Cross-Site Scripting
EIP-2026-100186 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting
EIP-2026-100185 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'error.asp' Cross-Site Scripting
EIP-2026-100184 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'AddToWishlist.asp' Cross-Site Scripting
CVE-2005-1224 EXPLOITDB text WORKING POC
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
CVE-2005-1224 EXPLOITDB text WORKING POC
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
CVE-2005-1224 EXPLOITDB text WORKING POC
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
CVE-2005-1224 EXPLOITDB text WORKING POC
DUware DUportal Pro 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
EIP-2026-100183 EXPLOITDB text WRITEUP
CartWIZ 1.10 - 'AddToCart.asp' SQL Injection
EIP-2026-100182 EXPLOITDB text WORKING POC
CartWIZ 1.10 - 'Access.asp' Cross-Site Scripting
EIP-2026-100169 EXPLOITDB text WRITEUP
Black Knight Forum 4.0 - 'Member.asp' SQL Injection