Salvatore Fresta aka Drosophila

56 exploits. Active since Dec 2008.
CVE-2010-4517 EXPLOITDB text WRITEUP
Harmistechnology Com Jeauto - SQL Injection
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2011-0511 EXPLOITDB text WRITEUP
Joomtraders Com Allcinevid - SQL Injection
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4937 EXPLOITDB text WRITEUP
Amblog 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2010-2848 EXPLOITDB text WRITEUP
InterJoomla ArtForms <2.1b7.2 - Path Traversal
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
EIP-2026-108221 EXPLOITDB text WRITEUP
Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections
EIP-2026-108267 EXPLOITDB text WRITEUP
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities
EIP-2026-108273 EXPLOITDB text WRITEUP
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
EIP-2026-108304 EXPLOITDB text WORKING POC
Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities
EIP-2026-108397 EXPLOITDB text WRITEUP
Joomla! Component com_jgrid 1.0 - Local File Inclusion
EIP-2026-108475 EXPLOITDB text WRITEUP
Joomla! Component com_pbbooking 1.0.4_3 - Multiple Blind SQL Injections
EIP-2026-108482 EXPLOITDB text WORKING POC
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
EIP-2026-108553 EXPLOITDB text WRITEUP
Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injections
CVE-2010-4865 EXPLOITDB text WRITEUP
JE Guestbook (com_jeguestbook) 1.0 - SQL Injection
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
EIP-2026-108707 EXPLOITDB text WRITEUP
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
CVE-2010-4983 EXPLOITDB text WRITEUP
iScripts CyberMatch 1.0 - SQL Injection
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-107966 EXPLOITDB c WORKING POC
iScripts Socialware 2.2.x - Multiple Vulnerabilities
EIP-2026-107965 EXPLOITDB c WORKING POC
iScripts Socialware 2.2.x - Arbitrary File Upload
CVE-2010-4980 EXPLOITDB text WRITEUP
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-107962 EXPLOITDB text WRITEUP
iScripts MultiCart 2.2 - Multiple SQL Injections
CVE-2010-2624 EXPLOITDB text WRITEUP
iScripts EasySnaps - SQL Injection
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
EIP-2026-107039 EXPLOITDB text WRITEUP
Family Connections 2.1.3 - Multiple Vulnerabilities
EIP-2026-107040 EXPLOITDB text WRITEUP
Family Connections 2.2.3 - Multiple Vulnerabilities
EIP-2026-106745 EXPLOITDB text WRITEUP
eBlog 1.7 - Multiple SQL Injections
EIP-2026-106450 EXPLOITDB text WRITEUP
Digital Scribe 1.4.1 - Multiple SQL Injections
CVE-2008-6242 EXPLOITDB text WRITEUP
Scripts-for-sites EZ E-store - SQL Injection
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.