Valentin

CVE-2010-2147 EXPLOITDB text WRITEUP

com_mycar 1.0 - Cross-Site Scripting via modveh Parameter

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.

View Code

CVE-2010-4927 EXPLOITDB text WRITEUP

Joomla! com_restaurantguide 1.0.0 - SQL Injection

SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.

View Code

CVE-2010-4834 EXPLOITDB text WRITEUP

OneOrZero AIMS 2.6.0-2.7.0 - SQL Injection

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

View Code

EIP-2026-114587 EXPLOITDB text WRITEUP

Zeeways Adserver - Multiple Vulnerabilities

View Code

EIP-2026-113087 EXPLOITDB text WRITEUP

VideoDB 3.0.3 - Multiple Vulnerabilities

View Code

EIP-2026-112005 EXPLOITDB text WRITEUP

Sethi Family Guestbook 3.1.8 - Cross-Site Scripting

View Code

EIP-2026-112031 EXPLOITDB text WRITEUP

ShopSystem - SQL Injection

View Code

CVE-2008-6848 EXPLOITDB text WRITEUP

phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter

Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.

View Code

EIP-2026-110049 EXPLOITDB text WRITEUP

OnePC mySite Management Software - SQL Injection

View Code

EIP-2026-110050 EXPLOITDB text WRITEUP

onepound Shop / CMS - Cross-Site Scripting / SQL Injection

View Code

CVE-2010-4835 EXPLOITDB text WRITEUP

OneOrZero AIMS 2.6.0 - Path Traversal

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.

View Code

EIP-2026-109404 EXPLOITDB text WRITEUP

Membership Site Script - SQL Injection

View Code

EIP-2026-109230 EXPLOITDB text WRITEUP

Lyrics Script - SQL Injection / Cross-Site Scripting

View Code

CVE-2010-1468 EXPLOITDB text WRITEUP

com_mv_restaurantmenumanager < 1.5.2 - SQL Injection via mid Parameter

SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.

View Code

CVE-2010-1350 EXPLOITDB text WORKING POC

com_jp_jobs < 1.4.1 - SQL Injection via id Parameter

SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

View Code

CVE-2010-4837 EXPLOITDB text WRITEUP

com_jsupport 1.5.6 - Cross-Site Scripting via Subject Parameter

Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2010-4838 EXPLOITDB text WRITEUP

com_jsupport 1.5.6 - Authenticated SQL Injection via Alpha Parameter

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

View Code

CVE-2010-2148 EXPLOITDB text WRITEUP

com_mycar 1.0 - SQL Injection via Pagina Parameter

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

View Code

CVE-2010-1720 EXPLOITDB text WRITEUP

com_qpersonel < 1.0.2 - SQL Injection via katid Parameter

SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.

View Code

CVE-2010-4928 EXPLOITDB text WRITEUP

Joomla! com_restaurantguide 1.0.0 - XSS

Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.

View Code

CVE-2010-1746 EXPLOITDB text WRITEUP

com_grid - Cross-Site Scripting via data_search and rpp Parameters

Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.

View Code

EIP-2026-109088 EXPLOITDB text WRITEUP

leaftec CMS - Multiple Vulnerabilities

View Code

EIP-2026-108123 EXPLOITDB text WRITEUP

Joke Website Script - SQL Injection / Cross-Site Scripting

View Code

CVE-2010-5032 EXPLOITDB text WRITEUP

Joomla! com_bfquiztrial <1.3.1 - SQL Injection

SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.

View Code

CVE-2010-5028 EXPLOITDB text WRITEUP

Joomla! com_jejob 1.0 - SQL Injection

SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.

View Code