Valentin Hoebel

44 exploits | Active since Apr 2009
CVE-2009-1347 EXPLOITDB WRITEUP
Chcounter - SQL Injection
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
CVE-2010-2147 EXPLOITDB text WRITEUP
Unisoft Com Mycar - XSS
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
CVE-2010-4927 EXPLOITDB text WRITEUP
Joomla! com_restaurantguide 1.0.0 - SQL Injection
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
CVE-2010-4834 EXPLOITDB text WRITEUP
OneOrZero AIMS 2.6.0-2.7.0 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
CVE-2010-1497 EXPLOITDB text WRITEUP
dl_stats <2.0 - XSS
Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-114587 EXPLOITDB text WRITEUP
Zeeways Adserver - Multiple Vulnerabilities
EIP-2026-113087 EXPLOITDB text WRITEUP
VideoDB 3.0.3 - Multiple Vulnerabilities
EIP-2026-112005 EXPLOITDB text WRITEUP
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
EIP-2026-112031 EXPLOITDB text WRITEUP
ShopSystem - SQL Injection
CVE-2008-6848 EXPLOITDB text WRITEUP
W2B Phpgreetcards - XSS
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
CVE-2010-4909 EXPLOITDB text WRITEUP
PaysiteReviewCMS 1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
CVE-2010-4909 EXPLOITDB text WRITEUP
PaysiteReviewCMS 1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
EIP-2026-110049 EXPLOITDB text WRITEUP
OnePC mySite Management Software - SQL Injection
EIP-2026-110050 EXPLOITDB text WRITEUP
onepound Shop / CMS - Cross-Site Scripting / SQL Injection
CVE-2010-4835 EXPLOITDB text WRITEUP
OneOrZero AIMS 2.6.0 - Path Traversal
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
EIP-2026-109404 EXPLOITDB text WRITEUP
Membership Site Script - SQL Injection
EIP-2026-109230 EXPLOITDB text WRITEUP
Lyrics Script - SQL Injection / Cross-Site Scripting
CVE-2010-2148 EXPLOITDB text WRITEUP
Unisoft Com Mycar - SQL Injection
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
CVE-2010-1350 EXPLOITDB text WORKING POC
JP Jobs <1.4.1 - SQL Injection
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2010-4837 EXPLOITDB text WRITEUP
JSupport 1.5.6 - XSS
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4838 EXPLOITDB text WRITEUP
JSupport 1.5.6 - SQL Injection
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
CVE-2010-1468 EXPLOITDB text WRITEUP
Joomla! <1.5.2.3 - SQL Injection
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.
CVE-2010-1720 EXPLOITDB python WORKING POC
Qproje Com Qpersonel < 1.0.2 - SQL Injection
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
CVE-2010-1720 EXPLOITDB text WRITEUP
Qproje Com Qpersonel < 1.0.2 - SQL Injection
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
CVE-2010-4928 EXPLOITDB text WRITEUP
Joomla! com_restaurantguide 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.