Salvatore Fresta

87 exploits Active since Dec 2008
EIP-2026-110794 EXPLOITDB text WORKING POC
PHP-Agenda 2.2.5 - Remote File Overwriting
CVE-2009-3666 EXPLOITDB text WRITEUP
Nullam Blog - XSS
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
CVE-2009-0882 EXPLOITDB text WORKING POC
Roman Bogorodskiy Nforum - SQL Injection
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
EIP-2026-109757 EXPLOITDB text WRITEUP
mycart 2.0 - Multiple Vulnerabilities
EIP-2026-109630 EXPLOITDB text WRITEUP
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
EIP-2026-109356 EXPLOITDB text WORKING POC
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
EIP-2026-109490 EXPLOITDB text WRITEUP
Miniweb 2.0 - Full Path Disclosure
EIP-2026-109357 EXPLOITDB text WRITEUP
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
CVE-2009-0409 EXPLOITDB text WORKING POC
Max.Blog <1.0.6 - SQL Injection
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
EIP-2026-109202 EXPLOITDB text WORKING POC
Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection
EIP-2026-109063 EXPLOITDB text WRITEUP
lanewsfactory - Multiple Vulnerabilities
CVE-2010-2909 EXPLOITDB text WRITEUP
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
CVE-2010-4926 EXPLOITDB text WRITEUP
TimeTrack <1.2.4 - SQL Injection
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
CVE-2010-4941 EXPLOITDB text WRITEUP
Joomla! com_teams - SQL Injection
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
EIP-2026-108845 EXPLOITDB text WRITEUP
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection
EIP-2026-108826 EXPLOITDB text WRITEUP
Joomla! Component People 1.0.0 - SQL Injection
CVE-2010-4795 EXPLOITDB text WRITEUP
JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4638 EXPLOITDB text WRITEUP
Iptechinside Com Jquarks4s - SQL Injection
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
EIP-2026-108707 EXPLOITDB text WRITEUP
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
CVE-2009-0730 EXPLOITDB text WORKING POC
GigCalendar 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
CVE-2011-0511 EXPLOITDB text WRITEUP
Joomtraders Com Allcinevid - SQL Injection
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4937 EXPLOITDB text WRITEUP
Amblog 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2010-2848 EXPLOITDB text WRITEUP
InterJoomla ArtForms <2.1b7.2 - Path Traversal
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
EIP-2026-108221 EXPLOITDB text WRITEUP
Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections
EIP-2026-108267 EXPLOITDB text WRITEUP
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities