EcHoLL

15 exploits Active since Jan 2008
CVE-2008-5864 EXPLOITDB perl WORKING POC
Joomla! <1.0.0 - SQL Injection
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-5865 EXPLOITDB perl WORKING POC
Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2007-6620 EXPLOITDB text WORKING POC
Joovili 2.x - Path Traversal
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2008-5874 EXPLOITDB perl WORKING POC
Hotel Booking Reservation System - Joomla! SQL Injection
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
CVE-2008-4653 EXPLOITDB text WORKING POC
Xoops Makale - SQL Injection
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5665 EXPLOITDB text WORKING POC
XOOPS - SQL Injection
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-5321 EXPLOITDB perl WORKING POC
GesGaleri - SQL Injection
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2007-6621 EXPLOITDB text WORKING POC
Joovili <3.0.6 - Path Traversal
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
EIP-2026-108857 EXPLOITDB text WORKING POC
Joomla! Component simple_review 1.x - SQL Injection
CVE-2008-5875 EXPLOITDB perl WORKING POC
Joomla! - SQL Injection
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
EIP-2026-108601 EXPLOITDB perl WORKING POC
Joomla! Component com_xevidmegahd - SQL Injection
CVE-2009-0702 EXPLOITDB perl WORKING POC
Joomla! - SQL Injection
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
EIP-2026-108456 EXPLOITDB text WORKING POC
Joomla! Component com_newsflash - 'id' SQL Injection
EIP-2026-108452 EXPLOITDB perl WORKING POC
Joomla! Component com_na_newsdescription - 'newsid' SQL Injection
EIP-2026-108385 EXPLOITDB perl WORKING POC
Joomla! Component com_jashowcase - 'catid' SQL Injection