Salvatore Fresta

87 exploits Active since Dec 2008
EIP-2026-106450 EXPLOITDB text WRITEUP
Digital Scribe 1.4.1 - Multiple SQL Injections
CVE-2009-4925 EXPLOITDB text WRITEUP
Creasito E-commerce Content Manager - SQL Injection
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
CVE-2009-4794 EXPLOITDB text WORKING POC
Community CMS 0.5 - SQL Injection
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.
EIP-2026-105515 EXPLOITDB text WRITEUP
Blink Blog System - Authentication Bypass
CVE-2009-0853 EXPLOITDB text WORKING POC
Stewart Howe Celerbb - Authentication Bypass
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
EIP-2026-105529 EXPLOITDB text WORKING POC
Blogman 0.45 - Multiple Vulnerabilities
EIP-2026-105514 EXPLOITDB text WORKING POC
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
CVE-2008-5751 EXPLOITDB text WRITEUP
AlstraSoft Web Email Script Enterprise - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
CVE-2009-4386 EXPLOITDB text WRITEUP
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
EIP-2026-104937 EXPLOITDB text WORKING POC
adaptbb 1.0b - Multiple Vulnerabilities
EIP-2026-104111 EXPLOITDB text WRITEUP
uhttp Server 0.1.0-alpha - Directory Traversal
EIP-2026-103525 EXPLOITDB c WORKING POC
Jinais IRC Server 0.1.8 - Null Pointer (PoC)