R3d-D3V!L

91 exploits Active since Jun 2005
EIP-2026-110029 EXPLOITDB text WRITEUP
Omnistar Affiliate - Authentication Bypass
CVE-2009-3175 EXPLOITDB text WORKING POC
Boldfx Model Agency Manager Pro - SQL Injection
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
EIP-2026-109154 EXPLOITDB text WRITEUP
Link Bid Script - 'links.php' SQL Injection
EIP-2026-109181 EXPLOITDB text WORKING POC
Live TV Script - SQL Injection
EIP-2026-108950 EXPLOITDB text WORKING POC
K-Links - Link Directory Script SQL Injection
CVE-2010-2254 EXPLOITDB text WRITEUP
Shape5 Bridge of Hope Template - SQL Injection
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
CVE-2010-0158 EXPLOITDB text WORKING POC
Joomlabamboo JB Simpla - SQL Injection
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."
EIP-2026-107791 EXPLOITDB text SUSPICIOUS
Image Hosting Script - Arbitrary File Upload
CVE-2009-4574 EXPLOITDB text WRITEUP
I-Escorts Directory Script - Country Escorts < PHP - SQL Injection
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
EIP-2026-106615 EXPLOITDB text WRITEUP
DZOIC ClipHouse - Authentication Bypass
EIP-2026-106616 EXPLOITDB text WRITEUP
DZOIC Handshakes - Authentication Bypass
EIP-2026-106364 EXPLOITDB text WORKING POC
Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-0462 EXPLOITDB text WORKING POC
ClickTech ClickCart 6.0 - SQL Injection
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-0297 EXPLOITDB text WORKING POC
ClickAuction - SQL Injection
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-6809 EXPLOITDB text WORKING POC
Bookingcentre Booking System For Hotels Group - SQL Injection
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
CVE-2013-7193 EXPLOITDB text WRITEUP
C2C Forward Auction Creator 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
EIP-2026-105237 EXPLOITDB text WORKING POC
Article Directory - SQL Injection
EIP-2026-105218 EXPLOITDB text WORKING POC
Arabian YouTube Script - Blind SQL Injection
EIP-2026-105166 EXPLOITDB text WRITEUP
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
EIP-2026-104985 EXPLOITDB text WRITEUP
Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
EIP-2026-104683 EXPLOITDB perl WORKING POC
vBulletin - Denial of Service
CVE-2008-5641 EXPLOITDB text WORKING POC
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-5975 EXPLOITDB text WRITEUP
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-100494 EXPLOITDB text WRITEUP
Pre Hotels&Resorts Management System - Authentication Bypass