ajann

220 exploits, active since Mar 2005
CVE-2007-1960 EXPLOITDB perl WORKING POC
Xoops Rha7 Downloads Module - SQL Injection
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-2738 EXPLOITDB perl WORKING POC
Glossaire <1.7 - SQL Injection
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
CVE-2007-1974 EXPLOITDB html WORKING POC
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
CVE-2007-1846 EXPLOITDB perl WORKING POC
Xoops Malaika System Myads Module < 2.04 - SQL Injection
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
CVE-2007-1814 EXPLOITDB perl WORKING POC
Xoops Core Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
CVE-2007-1805 EXPLOITDB html WORKING POC
Myxoops Debaser < 0.92 - SQL Injection
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.
CVE-2007-2370 EXPLOITDB perl WORKING POC
John Mordo Jobs <2.4 - SQL Injection
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
CVE-2007-1807 EXPLOITDB perl WORKING POC
Peak Xoops Myalbum P < 2.0 - SQL Injection
SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1979 EXPLOITDB html WORKING POC
Xoops Popnupblog < 2.52 - SQL Injection
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
CVE-2007-2737 EXPLOITDB perl WORKING POC
MyConference 1.0 - SQL Injection
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1816 EXPLOITDB perl WORKING POC
Xoops Tutoriais Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1815 EXPLOITDB perl WORKING POC
Xoops Library Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1810 EXPLOITDB perl WORKING POC
Kaotik Kshop < 1.17 - SQL Injection
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0569 EXPLOITDB text WORKING POC
X-dev Xnews - SQL Injection
SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.
CVE-2006-3176 EXPLOITDB perl WORKING POC
xarancms 2.0 - SQL Injection
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3311 EXPLOITDB perl WORKING POC
Xoops Articles Module < 1.02 - SQL Injection
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1808 EXPLOITDB perl WORKING POC
Camportail < 1.1 - SQL Injection
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.
CVE-2007-1838 EXPLOITDB perl WORKING POC
Xoops Friendfinder Module < 3.3 - SQL Injection
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1813 EXPLOITDB perl WORKING POC
Inconnueteam Ecal - SQL Injection
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
CVE-2007-1025 EXPLOITDB html WORKING POC
VS-Link-Partner <2.1 - RCE
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
CVE-2007-1017 EXPLOITDB html WORKING POC
VirtualSystem VS-News-System <1.2.1 - RCE
PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.
CVE-2006-5514 EXPLOITDB text WORKING POC
Web Group Communication Center < 0.5.6b - SQL Injection
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
CVE-2007-3939 EXPLOITDB html WORKING POC
Spoonlabs Vivvo Article Management Cms < 3.40 - SQL Injection
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2005-3952 EXPLOITDB perl WORKING POC
PHP Labs Top Auction - SQL Injection
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.
CVE-2007-0226 EXPLOITDB text WRITEUP
Uniforum < 4 - SQL Injection
SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).