L0rd CrusAd3r aka VSN

70 exploits Active since Mar 2010
CVE-2010-0804 EXPLOITDB WORKING POC
iBoutique 4.0 - Cross-Site Scripting via key Parameter in products Action
Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.
CVE-2009-4935 EXPLOITDB WRITEUP
Online Guestbook Pro - SQL Injection via display Parameter
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.
CVE-2010-4984 EXPLOITDB text WRITEUP
My Kazaam Notes Management System - SQL Injection
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box.
CVE-2010-2513 EXPLOITDB text WRITEUP
Harmistechnology Com Jeajaxeventcalendar - SQL Injection
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-2458 EXPLOITDB text WRITEUP
2daybiz Video Community Portal Script 1.0 - Cross-Site Scripting via videoid Parameter
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
CVE-2010-5026 EXPLOITDB text WRITEUP
Science Fair In A Box <2.0.6, 2.2.0 - SQL Injection
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2714 EXPLOITDB text WRITEUP
TCW PHP Album 1.0 - SQL Injection via Album Parameter
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2010-2699 EXPLOITDB text WRITEUP
Edge PHP Clickbank Affiliate Marketplace Script - SQL Injection
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2010-2459 EXPLOITDB text WRITEUP
2daybiz Video Community Portal Script 1.0 - SQL Injection via videoid Parameter
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.
EIP-2026-113345 EXPLOITDB text WRITEUP
Webring Script - SQL Injection
CVE-2010-2715 EXPLOITDB text WRITEUP
TCW PHP Album 1.0 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
EIP-2026-112746 EXPLOITDB text WRITEUP
Top Sites Script - SQL Injection
EIP-2026-112146 EXPLOITDB text WRITEUP
SimpleAssets - Authentication Bypass / Cross-Site Scripting
EIP-2026-112286 EXPLOITDB text WORKING POC
Social Community Script - SQL Injection
CVE-2010-2460 EXPLOITDB text WRITEUP
JCE-Tech Shareasale Script 1 - SQL Injection via merchant_id Parameter
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.
EIP-2026-112028 EXPLOITDB text WORKING POC
Shopping Cart Script with Affiliate Program - SQL Injection
CVE-2010-5027 EXPLOITDB text WRITEUP
Science Fair In A Box <2.0.6, 2.2.0 - XSS
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-112043 EXPLOITDB text WRITEUP
Sillaj time tracking tool - Authentication Bypass
EIP-2026-111476 EXPLOITDB text WRITEUP
Pre Job Board Pro - Authentication Bypass
EIP-2026-111470 EXPLOITDB text WRITEUP
Pre Classified Listing - SQL Injection
EIP-2026-110912 EXPLOITDB text WRITEUP
PHPAccess - SQL Injection
EIP-2026-110546 EXPLOITDB text WORKING POC
PenPals - Authentication Bypass
EIP-2026-110659 EXPLOITDB text WRITEUP
PHP Calendars Script - SQL Injection
EIP-2026-110745 EXPLOITDB text WRITEUP
PHP Property Rental Script - SQL Injection / Cross-Site Scripting
CVE-2010-2357 EXPLOITDB text WRITEUP
Eicra Realestate Script 1.0 and 1.6.0 - SQL Injection via p_id Parameter
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.