R3d-D3V!L

91 exploits Active since Jun 2005
CVE-2008-5974 EXPLOITDB text WORKING POC
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
CVE-2008-6286 EXPLOITDB text WORKING POC
Active Newsletter 4.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5635 EXPLOITDB text WORKING POC
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-4437 EXPLOITDB text WRITEUP
Active Auction House 3.6 - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
CVE-2008-5634 EXPLOITDB text WORKING POC
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-4436 EXPLOITDB text WRITEUP
eWebquiz 8 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
CVE-2008-5631 EXPLOITDB text WORKING POC
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-100313 EXPLOITDB text WRITEUP
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
EIP-2026-100292 EXPLOITDB text WORKING POC
E-Smart Cart - SQL Injection
CVE-2013-7192 EXPLOITDB text WRITEUP
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
CVE-2013-7192 EXPLOITDB text WRITEUP
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
CVE-2006-4524 EXPLOITDB text WORKING POC
Digiappz Freekot 1.01 - SQL Injection via Login or Password Parameters
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
EIP-2026-100208 EXPLOITDB text WORKING POC
ClickTrackerASP - 'sitedetails.asp?siteid' SQL Injection
EIP-2026-100196 EXPLOITDB text WRITEUP
Charon Cart 3.0 - 'ContentID' Blind SQL Injection
CVE-2008-6378 EXPLOITDB text WRITEUP
Calendar Mx Professional 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-6364 EXPLOITDB text WRITEUP
Ad Server Solutions Banner Exchange Solution Java - SQL Injection via Logon Process
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.