OoN_Boy

50 exploits Active since Apr 2009
CVE-2010-1979 EXPLOITDB text WORKING POC
Affiliate Datafeeds (com_datafeeds) build 880 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108207 EXPLOITDB text WORKING POC
Joomla! Component Appointment 1.5 - Local File Inclusion
CVE-2010-1714 EXPLOITDB text WORKING POC
com_arcadegames 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1494 EXPLOITDB text WORKING POC
Joomla! com_awdwall 1.5.4 - Path Traversal
Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108360 EXPLOITDB text WORKING POC
Joomla! Component com_google - Local File Inclusion
EIP-2026-108384 EXPLOITDB text WORKING POC
Joomla! Component com_jajobboard - Multiple Local File Inclusions
EIP-2026-108524 EXPLOITDB text WORKING POC
Joomla! Component com_s5clanroster - Local File Inclusion
EIP-2026-108529 EXPLOITDB text WORKING POC
Joomla! Component com_sebercart - 'getPic.php' Local File Disclosure
EIP-2026-108554 EXPLOITDB text WORKING POC
Joomla! Component com_spsnewsletter - Local File Inclusion
EIP-2026-108591 EXPLOITDB text WORKING POC
Joomla! Component com_webeecomment 2.0 - Local File Inclusion
EIP-2026-108592 EXPLOITDB text WORKING POC
Joomla! Component com_wgpicasa - Local File Inclusion
EIP-2026-108618 EXPLOITDB text WORKING POC
Joomla! Component CV Maker 1.0 - Local File Inclusion
CVE-2010-1955 EXPLOITDB text WORKING POC
Deluxe Blog Factory (com_blogfactory) 1.1.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
EIP-2026-108622 EXPLOITDB text WORKING POC
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion
EIP-2026-108650 EXPLOITDB text WORKING POC
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
CVE-2009-3349 EXPLOITDB text WORKING POC
Datavore Gyro 5.0 - SQL Injection via cid Parameter in Home Component
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
EIP-2026-106891 EXPLOITDB text WRITEUP
Entrepreneur Job Portal Script 2.06 - SQL Injection
EIP-2026-105615 EXPLOITDB text WRITEUP
BPStudent 1.0 - Blind SQL Injection
CVE-2009-3502 EXPLOITDB text WRITEUP
BPowerHouse BPMusic 1.0 - SQL Injection via music_id Parameter
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
CVE-2009-3500 EXPLOITDB perl WORKING POC
BPowerHouse BPGames 1.0 - SQL Injection via cat_id or game_id Parameter
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.
EIP-2026-105356 EXPLOITDB text WRITEUP
B2B Portal Script - Blind SQL Injection
EIP-2026-104972 EXPLOITDB text WRITEUP
Advance MLM Script - SQL Injection
CVE-2009-3436 EXPLOITDB text WORKING POC
MaxWebPortal - SQL Injection via FORUM_ID or CAT_ID Parameter
Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.
CVE-2009-3499 EXPLOITDB text WRITEUP
BPowerHouse BPLawyerCaseDocuments 1.0 - SQL Injection via employee.aspx cat Parameter
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-3503 EXPLOITDB text WRITEUP
BPHolidayLettings 1.0 - SQL Injection via search.aspx rid or tid Parameter
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.