Valentin Hoebel

44 exploits | Active since Apr 2009
CVE-2010-1746 EXPLOITDB text WRITEUP
Toolsjx Com Grid - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
EIP-2026-108123 EXPLOITDB text WRITEUP
Joke Website Script - SQL Injection / Cross-Site Scripting
CVE-2010-1496 EXPLOITDB text WRITEUP
Joomla! com_joltcard 1.2.1 - SQL Injection
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
CVE-2010-5028 EXPLOITDB text WRITEUP
Joomla! com_jejob 1.0 - SQL Injection
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2010-2921 EXPLOITDB text WRITEUP
Joomla! com_golfcourseguide <0.9.6.0 - SQL Injection
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
EIP-2026-108471 EXPLOITDB text WRITEUP
Joomla! Component com_pandafminigames - SQL Injection
EIP-2026-108401 EXPLOITDB text WRITEUP
Joomla! Component com_jmsfileseller - Local File Inclusion
EIP-2026-108229 EXPLOITDB text WORKING POC
Joomla! Component Card View JX - Cross-Site Scripting
CVE-2010-5032 EXPLOITDB text WRITEUP
Joomla! com_bfquiztrial <1.3.1 - SQL Injection
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
CVE-2010-5032 EXPLOITDB python WORKING POC
Joomla! com_bfquiztrial <1.3.1 - SQL Injection
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
CVE-2010-2129 EXPLOITDB text WRITEUP
Harmistechnology Com Jeajaxeventcalendar - Path Traversal
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-3207 EXPLOITDB text WRITEUP
GaleriaSHQIP 1.0 - SQL Injection
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107323 EXPLOITDB text WRITEUP
G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting
EIP-2026-106351 EXPLOITDB text WRITEUP
damianov.net Shoutbox - Cross-Site Scripting
EIP-2026-106621 EXPLOITDB text WRITEUP
E-Book Store - SQL Injection
EIP-2026-106343 EXPLOITDB text WRITEUP
Daily Inspirational Quotes Script - SQL Injection
CVE-2010-1498 EXPLOITDB text WRITEUP
dl_stats <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
CVE-2010-2673 EXPLOITDB text WRITEUP
Devana <1.6.6 - SQL Injection
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1362 EXPLOITDB text WRITEUP
Chcounter - SQL Injection
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.