Sid3^effects

115 exploits Active since Jan 2007
CVE-2010-2911 EXPLOITDB text WRITEUP
Kayako eSupport <3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
CVE-2010-1703 EXPLOITDB text WRITEUP
2daybiz Polls Script - Cross-Site Scripting via Category Parameter or Search Field
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
CVE-2010-5010 EXPLOITDB text WRITEUP
SchoolMation 2.3 - Cross-Site Scripting via Session Parameter
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
CVE-2010-1604 EXPLOITDB text WRITEUP
NCT Jobs Portal Script - SQL Injection via admin_login.php User and Passwd Parameters
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2010-5035 EXPLOITDB text WRITEUP
iScripts eSwap 2.0 - Cross-Site Scripting via txtHomeSearch Parameter
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
CVE-2010-5018 EXPLOITDB text WRITEUP
2daybiz Online Classified Script - XSS
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2010-2697 EXPLOITDB text WRITEUP
Sijio Community Software - Authenticated Stored Cross-Site Scripting via Blog Title Parameter
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2696 EXPLOITDB text WRITEUP
Sijio Community Software - SQL Injection
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2010-2354 EXPLOITDB text WRITEUP
Pilot Group eLMS Pro - SQL Injection via subscribe.php course_id Parameter
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
CVE-2010-2439 EXPLOITDB python WORKING POC
MoreAmp - Stack-based Buffer Overflow via Long Line in Song List File
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
EIP-2026-114542 EXPLOITDB text WORKING POC
Your Articles Directory - Login Option SQL Injection
CVE-2010-4971 EXPLOITDB text WORKING POC
VideoWhisper PHP 2 Way Video Chat - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
EIP-2026-112940 EXPLOITDB text WRITEUP
V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection
EIP-2026-112309 EXPLOITDB text WRITEUP
Socialware 2.2 - Upload / Cross-Site Scripting
EIP-2026-112463 EXPLOITDB text WRITEUP
Subrion Auto Classifieds - Persistent Cross-Site Scripting
CVE-2010-4986 EXPLOITDB text WRITEUP
Simple Document Management System - SQL Injection
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
EIP-2026-111683 EXPLOITDB text WRITEUP
Rayzz Photoz - Arbitrary File Upload
CVE-2010-2698 EXPLOITDB text WRITEUP
Sijio Community Software - Authenticated Cross-Site Scripting via Title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-111767 EXPLOITDB text WRITEUP
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
CVE-2010-5011 EXPLOITDB text WRITEUP
SchoolMation 2.3 - SQL Injection via Studentmain Session Parameter
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
EIP-2026-111393 EXPLOITDB text WRITEUP
Pointter Social Network - Local File Inclusion
EIP-2026-111513 EXPLOITDB text WRITEUP
ProArcadeScript - 'search.php' Cross-Site Scripting
CVE-2010-2315 EXPLOITDB text WRITEUP
SmartISoft phpBazar 2.1.1 - Remote Code Execution via Picturelib.php Cat Parameter
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
EIP-2026-110927 EXPLOITDB text WRITEUP
PHPAuctionSystem - Arbitrary File Upload
EIP-2026-110661 EXPLOITDB text WORKING POC
PHP Car Rental Complete System 1.2 - SQL Injection