Dedi Dwianto - Security Researcher - Exploit Intelligence Platform

CVE-2006-2107 EXPLOITDB perl WORKING POC

bl4 smtp_server < 0.1.4 - Buffer Overflow via Long EHLO/MAIL FROM/RCPT TO Arguments

Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

EIP-2026-105787 EXPLOITDB text WRITEUP

Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2006-3931 EXPLOITDB c WORKING POC

Midirecord 2.0 - Local Buffer Overflow via Long Command Line Argument

Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.

View Code

EIP-2026-100393 EXPLOITDB text WRITEUP

Liberum Help Desk 0.97.3 - Multiple SQL Injections

View Code

CVE-2005-2009 EXPLOITDB text WRITEUP

Ublog Reload 1.0.5 - SQL Injection via ci, d, m, or bi Parameter

Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.

View Code

CVE-2005-2009 EXPLOITDB text WRITEUP

Ublog Reload 1.0.5 - SQL Injection via ci, d, m, or bi Parameter

Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.

View Code

CVE-2005-2010 EXPLOITDB text WORKING POC

ublog_reload 1.0.5 - Cross-Site Scripting via btitle Parameter

Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.

View Code

EIP-2026-100423 EXPLOITDB text WRITEUP

MetaCart E-Shop - 'ProductsByCategory.asp' Cross-Site Scripting

View Code

CVE-2005-2199 EXPLOITDB text WRITEUP

PPA web photo gallery 0.5.6 - Remote File Inclusion via config[ppa_root_path]

PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.

View Code

CVE-2005-1967 EXPLOITDB text WRITEUP

ProductCart Ecommerce < 2.7 - SQL Injection via idcategory, lid, icd, or idccr Parameter

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

CVE-2005-1967 EXPLOITDB text WRITEUP

ProductCart Ecommerce < 2.7 - SQL Injection via idcategory, lid, icd, or idccr Parameter

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

View Code

CVE-2005-1967 EXPLOITDB text WRITEUP

ProductCart Ecommerce < 2.7 - SQL Injection via idcategory, lid, icd, or idccr Parameter

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

View Code

CVE-2005-1967 EXPLOITDB text WRITEUP

ProductCart Ecommerce < 2.7 - SQL Injection via idcategory, lid, icd, or idccr Parameter

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

CVE-2005-2046 EXPLOITDB text WRITEUP

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

View Code

CVE-2005-2049 EXPLOITDB text WRITEUP

DUware DUclassmate 1.2 - SQL Injection via iState or iPro Parameter

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

View Code

CVE-2005-2049 EXPLOITDB text WRITEUP

DUware DUclassmate 1.2 - SQL Injection via iState or iPro Parameter

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

View Code

CVE-2005-2048 EXPLOITDB text WRITEUP

DUware DUforum 3.1 - SQL Injection via iMsg, iFor, or id Parameter

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

View Code

CVE-2005-2048 EXPLOITDB text WRITEUP

DUware DUforum 3.1 - SQL Injection via iMsg, iFor, or id Parameter

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

View Code

CVE-2005-2048 EXPLOITDB text WRITEUP

DUware DUforum 3.1 - SQL Injection via iMsg, iFor, or id Parameter

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

View Code

CVE-2005-2048 EXPLOITDB text WRITEUP

DUware DUforum 3.1 - SQL Injection via iMsg, iFor, or id Parameter

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

View Code