ajann

220 exploits Active since Mar 2005
CVE-2005-0725 EXPLOITDB perl WORKING POC
WF-Sections 1.07 - SQL Injection via articleid Parameter
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
CVE-2005-0725 EXPLOITDB html WORKING POC
WF-Sections 1.07 - SQL Injection via articleid Parameter
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
CVE-2005-0725 EXPLOITDB perl WORKING POC
WF-Sections 1.07 - SQL Injection via articleid Parameter
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
CVE-2006-2696 EXPLOITDB WORKING POC
Easy-Content Forums 1.0 - Cross-Site Scripting via startletter or catid Parameter
Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.
CVE-2009-0427 EXPLOITDB WORKING POC
DMXReady Member Directory Manager <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-0426 EXPLOITDB text WORKING POC
DMXReady Classified Listings Manager <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1706 EXPLOITDB html WORKING POC
eWebQuiz 8 - SQL Injection via QuizID Parameter
SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.
CVE-2007-0631 EXPLOITDB text WORKING POC
CascadianFAQ < 4.1 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-6524 EXPLOITDB text WORKING POC
EzHRS HR Assist <1.05 - SQL Injection
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter.
CVE-2007-0589 EXPLOITDB text WORKING POC
Forum Livre 1.0 - SQL Injection via User Parameter
SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.
CVE-2007-0224 EXPLOITDB text WORKING POC
VP-ASP Shopping Cart <= 6.09 - SQL Injection via LoginLastname Parameter
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.
CVE-2006-6911 EXPLOITDB text WORKING POC
Digitizing Quote And Ordering System 1.0 - Authenticated SQL Injection via ordernum Parameter
SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.
CVE-2006-6807 EXPLOITDB text WORKING POC
Softwebs Nepal Ananda Real Estate <3.4 - SQL Injection
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
CVE-2006-6380 EXPLOITDB text WORKING POC
Ultimate HelpDesk - Cross-Site Scripting via Index.asp Keyword Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2006-5954 EXPLOITDB text WORKING POC
NetVIOS < 2.0 - SQL Injection via NewsID Parameter
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
CVE-2006-2847 EXPLOITDB html WORKING POC
aspWebLinks 2.0 - SQL Injection via linkID Parameter
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
CVE-2007-2737 EXPLOITDB perl WORKING POC
MyConference 1.0 for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1979 EXPLOITDB html WORKING POC
xoops_popnupblog < 2.52 - SQL Injection via postid Parameter
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
CVE-2007-1816 EXPLOITDB perl WORKING POC
Tutoriais module for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1838 EXPLOITDB perl WORKING POC
Xoops Friendfinder Module < 3.3 - SQL Injection via id Parameter
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1807 EXPLOITDB perl WORKING POC
myAlbum-P < 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1847 EXPLOITDB perl WORKING POC
Xoops Repository Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1960 EXPLOITDB perl WORKING POC
Rha7 Downloads Module for XOOPS - SQL Injection via visit.php lid Parameter
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-1846 EXPLOITDB perl WORKING POC
Xoops MyAds Module < 2.04 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
CVE-2007-2373 EXPLOITDB python WORKING POC
WF-Links < 1.03 - SQL Injection via cid Parameter
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.