YEnH4ckEr

65 exploits Active since Jun 2008
CVE-2009-2259 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2608. Reason: This candidate is a duplicate of CVE-2009-2608. Notes: All CVE users should reference CVE-2009-2608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2009-1812 EXPLOITDB text WORKING POC
myGesuad 0.9.14 - SQL Injection via Name Field and ID Parameter
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
CVE-2009-1811 EXPLOITDB text WORKING POC
myGesuad 0.9.14 - Cross-Site Scripting via Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php.
CVE-2009-1810 EXPLOITDB text WORKING POC
myColex 1.4.2 - SQL Injection via formUser Parameter
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.
CVE-2009-1809 EXPLOITDB text WORKING POC
myColex 1.4.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.
CVE-2009-1488 EXPLOITDB text WORKING POC
FunGamez RC1 - Remote File Inclusion via Module Parameter Path Traversal
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
CVE-2009-1487 EXPLOITDB text WORKING POC
FunGamez RC1 - SQL Injection via login_user Parameter
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4937 EXPLOITDB text WORKING POC
Small Pirate 2.1 - Stored Cross-Site Scripting via img BBCode Tag onmouseover Action
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.
CVE-2009-1614 EXPLOITDB text WORKING POC
Leap CMS 0.1.4 - Cross-Site Scripting via Message or Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
CVE-2009-1613 EXPLOITDB text WORKING POC
Leap CMS 0.1.4 - SQL Injection via Searchterm or Email Parameter
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
CVE-2009-1584 EXPLOITDB text WORKING POC
TemaTres 1.0.3 and 1.031 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
CVE-2009-1583 EXPLOITDB text WORKING POC
TemaTres 1.0.3 and 1.031 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.
CVE-2008-2565 EXPLOITDB text WORKING POC
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
EIP-2026-114398 EXPLOITDB perl WORKING POC
WysGui CMS 1.2b - Insecure Cookie Handling Blind SQL Injection
CVE-2009-1408 EXPLOITDB text WORKING POC
webSPELL 4.2.0c - Cross-Site Scripting via Nested BBcode Tags
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
CVE-2009-1585 EXPLOITDB text WORKING POC
TemaTres 1.031 - SQL Injection via id_correo_electronico or id_password Parameter
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1584 EXPLOITDB perl WORKING POC
TemaTres 1.0.3 and 1.031 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
CVE-2009-4936 EXPLOITDB text WORKING POC
Small Pirate 2.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.
EIP-2026-112397 EXPLOITDB text WORKING POC
Splog 1.2 Beta - Multiple SQL Injections
CVE-2009-1799 EXPLOITDB text WORKING POC
ST-Gallery 0.1 alpha - SQL Injection via gallery_category or gallery_show Parameter
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
EIP-2026-111855 EXPLOITDB text WORKING POC
S-CMS 2.0b3 - Multiple SQL Injections
CVE-2009-1650 EXPLOITDB text WORKING POC
Shutter 0.1.1 - SQL Injection via albumID, tagID, or photoID Parameter
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
EIP-2026-111854 EXPLOITDB text WRITEUP
S-CMS 2.0b3 - Multiple Local File Inclusions
CVE-2009-1910 EXPLOITDB perl WORKING POC
RTWebalbum 1.0.462 - SQL Injection via AlbumId Parameter
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.
EIP-2026-111853 EXPLOITDB perl WORKING POC
S-CMS 2.0b3 - 'Username' Blind SQL Injection