EcHoLL

15 exploits, active since Jan 2008
CVE-2008-5864 EXPLOITDB perl WORKING POC
com_tophotelmodule 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-5865 EXPLOITDB perl WORKING POC
Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2007-6620 EXPLOITDB text WORKING POC
Joovili 2.x - Path Traversal via Picture Parameter
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2008-5874 EXPLOITDB perl WORKING POC
Hotel Booking Reservation System - Joomla! SQL Injection
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
CVE-2008-4653 EXPLOITDB text WORKING POC
Makale 0.26 - SQL Injection via id Parameter
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5665 EXPLOITDB text WORKING POC
XOOPS xhresim module - SQL Injection via index.php no Parameter
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-5321 EXPLOITDB perl WORKING POC
GesGaleri - SQL Injection via index.php no Parameter
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2007-6621 EXPLOITDB text WORKING POC
Joovili 3.0.0-3.0.6 - Path Traversal via Picture Parameter
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
EIP-2026-108857 EXPLOITDB text WORKING POC
Joomla! Component simple_review 1.x - SQL Injection
CVE-2008-5875 EXPLOITDB perl WORKING POC
com_lowcosthotels - SQL Injection via id Parameter
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
EIP-2026-108601 EXPLOITDB perl WORKING POC
Joomla! Component com_xevidmegahd - SQL Injection
CVE-2009-0702 EXPLOITDB perl WORKING POC
Phoca com_phocadocumentation - SQL Injection via id Parameter
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
EIP-2026-108456 EXPLOITDB text WORKING POC
Joomla! Component com_newsflash - 'id' SQL Injection
EIP-2026-108452 EXPLOITDB perl WORKING POC
Joomla! Component com_na_newsdescription - 'newsid' SQL Injection
EIP-2026-108385 EXPLOITDB perl WORKING POC
Joomla! Component com_jashowcase - 'catid' SQL Injection