Dj_Eyes

11 exploits Active since Dec 2005
CVE-2006-2300 EXPLOITDB text WRITEUP
EImagePro - SQL Injection via CatID, SubjectID, or Pic Parameter
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
CVE-2006-0669 EXPLOITDB text WORKING POC
GA's Forum Light - SQL Injection via Forum and Pages Parameters
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments
CVE-2006-2293 EXPLOITDB text WORKING POC
MultiCalendars 3.0 - SQL Injection via calsids Parameter
SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-4259 EXPLOITDB text WRITEUP
ASPBB 0.4 - SQL Injection via TID, FORUM_ID, or PROFILE_ID Parameters
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
CVE-2005-4166 EXPLOITDB text WRITEUP
DUWare DUportal Pro 3.4.3 - Cross-Site Scripting via password.asp result Parameter
Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
CVE-2005-4256 EXPLOITDB text WRITEUP
ASP-DEV XM Forum RC3 - Cross-Site Scripting via forum_title Parameter
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211.
CVE-2006-2300 EXPLOITDB text WRITEUP
EImagePro - SQL Injection via CatID, SubjectID, or Pic Parameter
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
CVE-2006-2306 EXPLOITDB text WRITEUP
EPublisherPro - Cross-Site Scripting via Title Parameter
Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2296 EXPLOITDB text WRITEUP
EDirectoryPro < 2.0 - SQL Injection via search_result.asp Keyword Parameter
SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-4259 EXPLOITDB text WRITEUP
ASPBB 0.4 - SQL Injection via TID, FORUM_ID, or PROFILE_ID Parameters
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
CVE-2005-4259 EXPLOITDB text WRITEUP
ASPBB 0.4 - SQL Injection via TID, FORUM_ID, or PROFILE_ID Parameters
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.