Salvatore Fresta aka Drosophila

56 exploits, active since Dec 2008
CVE-2010-2847 EXPLOITDB text WRITEUP
InterJoomla ArtForms 2.1b7.2 RC2 - SQL Injection
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
CVE-2010-2846 EXPLOITDB text WRITEUP
InterJoomla ArtForms 2.1b7.2 - XSS
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
CVE-2010-4794 EXPLOITDB text WRITEUP
JoomlaSeller JS Calendar 1.5.1-1.5.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3665 EXPLOITDB text WRITEUP
Nullam Blog - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) v parameter in a register action.
CVE-2009-3664 EXPLOITDB text WRITEUP
Nullam Blog - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
EIP-2026-118935 EXPLOITDB c WORKING POC
MX Simulator Server - Remote Buffer Overflow
EIP-2026-114596 EXPLOITDB text WRITEUP
Zen Cart 1.3.9h - Local File Inclusion
CVE-2009-4351 EXPLOITDB text WRITEUP
WSCreator 1.1 - SQL Injection
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
EIP-2026-113402 EXPLOITDB text WRITEUP
WhiteBoard 0.1.30 - Multiple Blind SQL Injections
CVE-2009-3494 EXPLOITDB text WRITEUP
Todor Lazarov T-htb Manager - SQL Injection
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
EIP-2026-112408 EXPLOITDB text WRITEUP
Squirrelcart PRO 3.0.0 - Blind SQL Injection
EIP-2026-111887 EXPLOITDB text WRITEUP
sandbox 2.0.3 - Multiple Vulnerabilities
CVE-2010-4143 EXPLOITDB text WRITEUP
Phpcheckz - SQL Injection
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111023 EXPLOITDB text WORKING POC
phpCollegeExchange 0.1.5c - Multiple SQL Injections
CVE-2009-3666 EXPLOITDB text WRITEUP
Nullam Blog - XSS
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
EIP-2026-109757 EXPLOITDB text WRITEUP
mycart 2.0 - Multiple Vulnerabilities
EIP-2026-109490 EXPLOITDB text WRITEUP
Miniweb 2.0 - Full Path Disclosure
EIP-2026-109063 EXPLOITDB text WRITEUP
lanewsfactory - Multiple Vulnerabilities
CVE-2010-4638 EXPLOITDB text WRITEUP
Iptechinside Com Jquarks4s - SQL Injection
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-2909 EXPLOITDB text WRITEUP
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
CVE-2010-4795 EXPLOITDB text WRITEUP
JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
EIP-2026-108826 EXPLOITDB text WRITEUP
Joomla! Component People 1.0.0 - SQL Injection
CVE-2010-4941 EXPLOITDB text WRITEUP
Joomla! com_teams - SQL Injection
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
EIP-2026-108845 EXPLOITDB text WRITEUP
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection
CVE-2010-4926 EXPLOITDB text WRITEUP
TimeTrack <1.2.4 - SQL Injection
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.