R3d-D3V!L

91 exploits Active since Jun 2005
EIP-2026-100444 EXPLOITDB text WORKING POC
Multi-Lingual Application - Blind SQL Injection
CVE-2009-2614 EXPLOITDB text WORKING POC
DataCheck Solutions LinkPal <1 - SQL Injection
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3343 EXPLOITDB text WRITEUP
HotWeb Rentals - SQL Injection via PropId Parameter
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
EIP-2026-100336 EXPLOITDB text WRITEUP
gallery_show.asp - GID Blind SQL Injection
CVE-2009-2365 EXPLOITDB text WORKING POC
DataCheck Solutions GalleryPal FE 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6379 EXPLOITDB text WRITEUP
Gallery MX 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-2619 EXPLOITDB text WORKING POC
DataCheck Solutions V-SpacePal - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-100587 EXPLOITDB text WRITEUP
Texas Rankem - 'player_id' SQL Injection
EIP-2026-100558 EXPLOITDB text WRITEUP
Smart ASPad - 'campaignEdit.asp?CCam' Blind SQL Injection
EIP-2026-100552 EXPLOITDB text WORKING POC
SitePal 1.1 - Authentication Bypass
EIP-2026-100523 EXPLOITDB text WRITEUP
RecipePal 1.0 - SQL Injection
CVE-2008-6950 EXPLOITDB text WORKING POC
Bankoi WebHosting Control Panel 1.20 - SQL Injection via Login Username or Password Field
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
CVE-2008-6889 EXPLOITDB text WRITEUP
ASPreferral 5.3 - SQL Injection via Merchantsadd.asp AccountID Parameter
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
EIP-2026-100131 EXPLOITDB text WRITEUP
ASPGuest - 'edit.asp?ID' Blind SQL Injection
CVE-2008-6366 EXPLOITDB text WORKING POC
Ad Server Solutions Affiliate Software Java 4.0 - SQL Injection via Logon.jsp Parameters
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-6365 EXPLOITDB text WORKING POC
Ad Server Solutions Ad Management Software Java - SQL Injection via logon.jsp uname or pass Parameter
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-5633 EXPLOITDB text WORKING POC
ActiveVotes 2.2 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5365 EXPLOITDB text WRITEUP
ActiveWebSoftwares ActiveVotes <2.2 - SQL Injection
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
CVE-2005-2062 EXPLOITDB text WRITEUP
ActiveBuyAndSell 6.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
EIP-2026-100095 EXPLOITDB text WORKING POC
Active Websurvey 9.1 - Authentication Bypass
CVE-2008-6873 EXPLOITDB text WRITEUP
Active Web Mail 4.0 - SQL Injection via TabOpenQuickTab1 Parameter
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
CVE-2008-5627 EXPLOITDB text WORKING POC
Active Trade 2 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5959 EXPLOITDB text WORKING POC
Active Test 2.1 - SQL Injection via Useremail or Password Parameter
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5958 EXPLOITDB text WRITEUP
Active Test 2.1 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.