Valentin Hoebel - Security Researcher - Exploit Intelligence Platform

CVE-2009-1347 EXPLOITDB WRITEUP

chCounter 3.1.3 - SQL Injection via Login Name or Password Parameter

Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).

View Code

CVE-2010-2147 EXPLOITDB text WRITEUP

com_mycar 1.0 - Cross-Site Scripting via modveh Parameter

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.

View Code

CVE-2010-4927 EXPLOITDB text WRITEUP

Joomla! com_restaurantguide 1.0.0 - SQL Injection

SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.

View Code

CVE-2010-4834 EXPLOITDB text WRITEUP

OneOrZero AIMS 2.6.0-2.7.0 - SQL Injection

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

View Code

CVE-2010-1497 EXPLOITDB text WRITEUP

dl_stats < 2.0 - Cross-Site Scripting via id Parameter

Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

View Code

EIP-2026-114587 EXPLOITDB text WRITEUP

Zeeways Adserver - Multiple Vulnerabilities

View Code

EIP-2026-113087 EXPLOITDB text WRITEUP

VideoDB 3.0.3 - Multiple Vulnerabilities

View Code

EIP-2026-112005 EXPLOITDB text WRITEUP

Sethi Family Guestbook 3.1.8 - Cross-Site Scripting

View Code

EIP-2026-112031 EXPLOITDB text WRITEUP

ShopSystem - SQL Injection

View Code

CVE-2008-6848 EXPLOITDB text WRITEUP

phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter

Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.

View Code

CVE-2010-4909 EXPLOITDB text WRITEUP

PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter

Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.

View Code

CVE-2010-4909 EXPLOITDB text WRITEUP

PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter

Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.

View Code

EIP-2026-110049 EXPLOITDB text WRITEUP

OnePC mySite Management Software - SQL Injection

View Code

EIP-2026-110050 EXPLOITDB text WRITEUP

onepound Shop / CMS - Cross-Site Scripting / SQL Injection

View Code

CVE-2010-4835 EXPLOITDB text WRITEUP

OneOrZero AIMS 2.6.0 - Path Traversal

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.

View Code

EIP-2026-109404 EXPLOITDB text WRITEUP

Membership Site Script - SQL Injection

View Code

EIP-2026-109230 EXPLOITDB text WRITEUP

Lyrics Script - SQL Injection / Cross-Site Scripting

View Code

CVE-2010-2148 EXPLOITDB text WRITEUP

com_mycar 1.0 - SQL Injection via Pagina Parameter

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

View Code

CVE-2010-1350 EXPLOITDB text WORKING POC

com_jp_jobs < 1.4.1 - SQL Injection via id Parameter

SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

View Code

CVE-2010-4837 EXPLOITDB text WRITEUP

com_jsupport 1.5.6 - Cross-Site Scripting via Subject Parameter

Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2010-4838 EXPLOITDB text WRITEUP

com_jsupport 1.5.6 - Authenticated SQL Injection via Alpha Parameter

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

View Code

CVE-2010-1468 EXPLOITDB text WRITEUP

com_mv_restaurantmenumanager < 1.5.2 - SQL Injection via mid Parameter

SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.

View Code

CVE-2010-1720 EXPLOITDB python WORKING POC

com_qpersonel < 1.0.2 - SQL Injection via katid Parameter

SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.

View Code

CVE-2010-1720 EXPLOITDB text WRITEUP

com_qpersonel < 1.0.2 - SQL Injection via katid Parameter

SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.

View Code

CVE-2010-4928 EXPLOITDB text WRITEUP

Joomla! com_restaurantguide 1.0.0 - XSS

Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.

View Code