R3d-D3V!L

91 exploits Active since Jun 2005
CVE-2008-1909 EXPLOITDB WORKING POC
PHPKB Knowledge Base 1.5 and 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2011-0644 EXPLOITDB text WORKING POC
PHPCMS 2008 V2 - SQL Injection via modelid Parameter
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
CVE-2010-2256 EXPLOITDB text WORKING POC
Pay Per Minute Video Chat Script 2.0-2.1 - Cross-Site Scripting via id Parameter or model Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
CVE-2010-0974 EXPLOITDB text WRITEUP
PHPCityPortal - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
CVE-2008-5973 EXPLOITDB text WORKING POC
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
EIP-2026-116542 EXPLOITDB perl WORKING POC
Winamp 5.572 - Local Crash (PoC)
EIP-2026-116080 EXPLOITDB perl WORKING POC
Portable AVS DVD Authoring 1.3.3.51 - Local Crash (PoC)
EIP-2026-115599 EXPLOITDB perl WORKING POC
Media Player Classic 1.3.1774.0 - mpcpl Local Denial of Service (PoC)
EIP-2026-114925 EXPLOITDB text WORKING POC
Aqua Real 1.0/2.0 - Local Crash (PoC)
EIP-2026-114926 EXPLOITDB perl WORKING POC
Aqua Real Screensaver - '.ar' Buffer Overflow
CVE-2008-6809 EXPLOITDB text WORKING POC
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
EIP-2026-112236 EXPLOITDB text WORKING POC
Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting
EIP-2026-111765 EXPLOITDB text WORKING POC
ReVou Software - SQL Injection
CVE-2008-7083 EXPLOITDB text WORKING POC
ReVou Micro Blogging Twitter clone - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
EIP-2026-111473 EXPLOITDB text WRITEUP
Pre Hospital Management System - 'department.php?id' SQL Injection
EIP-2026-111474 EXPLOITDB text WORKING POC
Pre Hospital Management System - Authentication Bypass
CVE-2010-5047 EXPLOITDB text WORKING POC
V-EVA Press Release Script - SQL Injection
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6329 EXPLOITDB text WORKING POC
Pre ASP Job Board - SQL Injection via Username or Password Parameter
SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information.
CVE-2011-0645 EXPLOITDB text WORKING POC
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
CVE-2011-0645 EXPLOITDB text WORKING POC
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
CVE-2010-0975 EXPLOITDB text WRITEUP
PHPCityPortal - Remote Code Execution via external.php URL Parameter
PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVE-2008-5088 EXPLOITDB text WORKING POC
PHPKB Knowledge Base Software 1.5 Professional - SQL Injection via ID Parameter
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
CVE-2010-2257 EXPLOITDB text WORKING POC
Pay Per Minute Video Chat Script 2.0-2.1 - SQL Injection via index_ie.php page Parameter
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
EIP-2026-110501 EXPLOITDB text WORKING POC
Pay Per Minute Video Chat Script 2.x - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110349 EXPLOITDB text WORKING POC
Osclass - Multiple Input Validation Vulnerabilities