John Martinelli

16 exploits Active since Apr 2007
CVE-2007-2757 EXPLOITDB html WORKING POC
Redoable 1.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
CVE-2007-1956 EXPLOITDB text WRITEUP
ubb.threads < 6.1.1 - SQL Injection via C Parameter
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.
CVE-2007-2547 EXPLOITDB text WORKING POC
TurnkeyWebTools SunShop Shopping Cart 4.0 - Cross-Site Scripting via l Parameter
Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2007-2549 EXPLOITDB text WORKING POC
TurnkeyWebTools SunShop <4.0 - SQL Injection
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
CVE-2007-1905 EXPLOITDB text WORKING POC
QuizShock < 1.6.1 - Cross-Site Scripting via auth.php forward_to Parameter
Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "&lt;&quot;&lt;".
CVE-2007-2207 EXPLOITDB html WORKING POC
ripe_website_manager < 0.8.4 - SQL Injection via ripeformpost Parameter
SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.
CVE-2007-2247 EXPLOITDB html WORKING POC
phpMySpace Gold 8.10 - SQL Injection via item_id Parameter
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
EIP-2026-109976 EXPLOITDB text WORKING POC
NuclearBB Alpha 1 - Multiple SQL Injections
EIP-2026-107598 EXPLOITDB text WORKING POC
HLstats 1.35 - 'hlstats.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2007-2806 EXPLOITDB html WORKING POC
GaliX 2.0 - Cross-Site Scripting via galix_cat_detail, galix_gal_detail, or galix_cat_detail_sort Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
CVE-2007-2011 EXPLOITDB html WORKING POC
DeskPro 2.0.1 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
EIP-2026-105953 EXPLOITDB html WORKING POC
ClonusWiki 0.5 - 'index.php' HTML Injection
CVE-2007-1996 EXPLOITDB html WORKING POC
CodeBreak < 1.1.2 - Remote Code Execution via process_method Parameter
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
EIP-2026-106006 EXPLOITDB text WRITEUP
CMSCart 1.04 - 'maindatafunctions.php' SQL Injection
CVE-2007-3049 EXPLOITDB text WRITEUP
Buttercup web file manager May 2007 - Cross-Site Scripting via Title Parameter
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
EIP-2026-100606 EXPLOITDB html WORKING POC
VP-ASP Shopping Cart 6.50 - 'ShopContent.asp' Cross-Site Scripting