Valentin

38 exploits Active since Apr 2009
CVE-2010-1496 EXPLOITDB text WRITEUP
Joomla! com_joltcard 1.2.1 - SQL Injection
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
CVE-2010-2921 EXPLOITDB text WRITEUP
Joomla! com_golfcourseguide <0.9.6.0 - SQL Injection
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
EIP-2026-108471 EXPLOITDB text WRITEUP
Joomla! Component com_pandafminigames - SQL Injection
EIP-2026-108401 EXPLOITDB text WRITEUP
Joomla! Component com_jmsfileseller - Local File Inclusion
EIP-2026-108229 EXPLOITDB text WORKING POC
Joomla! Component Card View JX - Cross-Site Scripting
CVE-2010-2129 EXPLOITDB text WRITEUP
Harmistechnology Com Jeajaxeventcalendar - Path Traversal
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
EIP-2026-107323 EXPLOITDB text WRITEUP
G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting
CVE-2010-3207 EXPLOITDB text WRITEUP
galeriashqip 1.0 - SQL Injection via album_id Parameter
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1872 EXPLOITDB text WORKING POC
FlashCard 2.6.5 and 3.0.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-106343 EXPLOITDB text WRITEUP
Daily Inspirational Quotes Script - SQL Injection
CVE-2010-2673 EXPLOITDB text WRITEUP
Devana < 1.6.6 - SQL Injection via Profile View ID Parameter
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-106621 EXPLOITDB text WRITEUP
E-Book Store - SQL Injection
CVE-2009-1362 EXPLOITDB text WRITEUP
chcounter 3.1.3 - SQL Injection via login_name Parameter
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.