XaDoS

12 exploits Active since Dec 2008
CVE-2008-5933 EXPLOITDB text WORKING POC
CMS ISWEB 3.0 - Cross-Site Scripting via strcerca or id_oggetto Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6352 EXPLOITDB text WORKING POC
Xpoze Pro 4.10 - SQL Injection via Menu Parameter
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
CVE-2008-6303 EXPLOITDB text WRITEUP
ToursManager - SQL Injection via tourid Parameter
SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.
CVE-2008-6277 EXPLOITDB text WORKING POC
RakhiSoftware Shopping Cart - SQL Injection via product.php subcategory_id Parameter
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
CVE-2008-5630 EXPLOITDB text WORKING POC
Post Affiliate Pro <3,3.1.4 - SQL Injection
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
CVE-2010-1109 EXPLOITDB text WORKING POC
phpMySport 1.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.
CVE-2009-2618 EXPLOITDB text WRITEUP
MDPro 1.083.x - SQL Injection via PollID Parameter
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
CVE-2008-5811 EXPLOITDB text WRITEUP
Joomla com_paxgallery 0.1 - SQL Injection via gid Parameter
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
EIP-2026-108625 EXPLOITDB text WRITEUP
Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting
CVE-2009-0381 EXPLOITDB perl WORKING POC
Joomla! com_prod 5.0 - SQL Injection
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
CVE-2008-5934 EXPLOITDB text WORKING POC
CMS ISWEB 3.0 - SQL Injection via id_sezione Parameter
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
CVE-2008-5295 EXPLOITDB text WRITEUP
Jamit Job Board 3.4.10 - SQL Injection
SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.