InjEctOr

9 exploits Active since May 2008
CVE-2008-6003 EXPLOITDB text WORKING POC
AJ Auction Pro Platinum 2 - SQL Injection
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
CVE-2008-2180 EXPLOITDB text WORKING POC
cpLinks 1.03 - SQL Injection via Admin Username or Search Parameters
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information.
CVE-2008-2177 EXPLOITDB text WORKING POC
phpDirectorySource 1.1.06 - SQL Injection via lid or login Parameter
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
CVE-2008-2113 EXPLOITDB text WORKING POC
PHPEasyData 1.5.4 - SQL Injection via annuaire.php cat_id Parameter
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-6656 EXPLOITDB text WORKING POC
Open Auto Classifieds 1.4.3b - SQL Injection via Listings ID Parameter or Login Username Field
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
CVE-2008-2461 EXPLOITDB text WORKING POC
Netious CMS 0.4 - SQL Injection via Pageid Parameter
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.
CVE-2008-2181 EXPLOITDB text WORKING POC
cpLinks 1.03 - Cross-Site Scripting via search_text and search_category Parameters
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
CVE-2008-6004 EXPLOITDB text WORKING POC
AJ Auction Pro Platinum 2 - Cross-Site Scripting via search.php product parameter
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
CVE-2008-2124 EXPLOITDB text WRITEUP
fipsASP fipsCMS - SQL Injection via lg Parameter
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.