Salvatore Fresta

87 exploits Active since Dec 2008
EIP-2026-108273 EXPLOITDB text WRITEUP
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
CVE-2009-1263 EXPLOITDB text WORKING POC
com_bookjoomlas 0.1 - SQL Injection via gbid Parameter
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
EIP-2026-108304 EXPLOITDB text WORKING POC
Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities
EIP-2026-108397 EXPLOITDB text WRITEUP
Joomla! Component com_jgrid 1.0 - Local File Inclusion
EIP-2026-108475 EXPLOITDB text WRITEUP
Joomla! Component com_pbbooking 1.0.4_3 - Multiple Blind SQL Injections
EIP-2026-108482 EXPLOITDB text WORKING POC
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
EIP-2026-108553 EXPLOITDB text WRITEUP
Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injections
CVE-2010-4517 EXPLOITDB text WRITEUP
JExtensions JE Auto (com_jeauto) 1.0 - SQL Injection via Char Parameter
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2010-4865 EXPLOITDB text WRITEUP
JE Guestbook (com_jeguestbook) 1.0 - SQL Injection
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
EIP-2026-107966 EXPLOITDB c WORKING POC
iscripts Socialware 2.2.x - Multiple Vulnerabilities
EIP-2026-107965 EXPLOITDB c WORKING POC
iScripts Socialware 2.2.x - Arbitrary File Upload
CVE-2010-4980 EXPLOITDB text WRITEUP
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-107962 EXPLOITDB text WRITEUP
iScripts MultiCart 2.2 - Multiple SQL Injections
CVE-2010-2624 EXPLOITDB text WRITEUP
iScripts EasySnaps 2.0 - SQL Injection via Comment Parameter
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
CVE-2010-4983 EXPLOITDB text WRITEUP
iScripts CyberMatch 1.0 - SQL Injection
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-106745 EXPLOITDB text WRITEUP
eBlog 1.7 - Multiple SQL Injections
CVE-2009-4805 EXPLOITDB text WORKING POC
EZ-Blog Beta 1 - SQL Injection via StoryID or Kill Parameter
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
EIP-2026-107042 EXPLOITDB text WORKING POC
Family Connections CMS 1.8.2 - Blind SQL Injection
EIP-2026-107040 EXPLOITDB text WRITEUP
family connections 2.2.3 - Multiple Vulnerabilities
EIP-2026-107039 EXPLOITDB text WRITEUP
family connections 2.1.3 - Multiple Vulnerabilities
EIP-2026-107038 EXPLOITDB c WORKING POC
Family Connections 1.8.2 - Arbitrary File Upload
CVE-2009-4791 EXPLOITDB text WORKING POC
Family Connections <1.8.2 - SQL Injection
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
CVE-2009-4719 EXPLOITDB text WORKING POC
Discloser 0.0.4 rc2 - SQL Injection
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.
CVE-2008-6242 EXPLOITDB text WRITEUP
Scripts For Sites EZ e-store - SQL Injection via SearchResults.php where Parameter
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
EIP-2026-106606 EXPLOITDB text WORKING POC
dynamic flash forum 1.0 Beta - Multiple Vulnerabilities