Salvatore Fresta

87 exploits, active since Dec 2008
EIP-2026-110794 EXPLOITDB text WORKING POC
PHP-Agenda 2.2.5 - Remote File Overwriting
CVE-2009-3666 EXPLOITDB text WRITEUP
Nullam Blog 0.1.2 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
CVE-2009-0882 EXPLOITDB text WORKING POC
nForum 1.5 - SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
EIP-2026-109757 EXPLOITDB text WRITEUP
mycart 2.0 - Multiple Vulnerabilities
EIP-2026-109630 EXPLOITDB text WRITEUP
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
EIP-2026-109356 EXPLOITDB text WORKING POC
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
EIP-2026-109490 EXPLOITDB text WRITEUP
Miniweb 2.0 - Full Path Disclosure
EIP-2026-109357 EXPLOITDB text WRITEUP
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
CVE-2009-0409 EXPLOITDB text WORKING POC
Max.Blog <= 1.0.6 - SQL Injection via Username Parameter
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-109202 EXPLOITDB text WORKING POC
Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection
EIP-2026-109063 EXPLOITDB text WRITEUP
lanewsfactory - Multiple Vulnerabilities
CVE-2010-2909 EXPLOITDB text WRITEUP
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
CVE-2010-4926 EXPLOITDB text WRITEUP
com_timetrack 1.2.4 - SQL Injection via ct_id Parameter
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
CVE-2010-4941 EXPLOITDB text WRITEUP
com_teams 1_1028_100809_1711 - SQL Injection via PlayerID Parameter
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
EIP-2026-108845 EXPLOITDB text WRITEUP
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection
EIP-2026-108826 EXPLOITDB text WRITEUP
Joomla! Component People 1.0.0 - SQL Injection
CVE-2010-4795 EXPLOITDB text WRITEUP
JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4638 EXPLOITDB text WRITEUP
com_jquarks4s 1.0.0 - SQL Injection via submitSurvey q Parameter
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
EIP-2026-108707 EXPLOITDB text WRITEUP
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
CVE-2009-0730 EXPLOITDB text WORKING POC
GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
CVE-2011-0511 EXPLOITDB text WRITEUP
com_allcinevid 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4937 EXPLOITDB text WRITEUP
Amblog 1.0 for Joomla! - SQL Injection via articleid or catid Parameter
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2010-2848 EXPLOITDB text WRITEUP
InterJoomla ArtForms <2.1b7.2 - Path Traversal
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
EIP-2026-108221 EXPLOITDB text WRITEUP
Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections
EIP-2026-108267 EXPLOITDB text WRITEUP
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities