ajann

220 exploits, active since Mar 2005
CVE-2007-1960 EXPLOITDB perl WORKING POC
Rha7 Downloads Module for XOOPS - SQL Injection via visit.php lid Parameter
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-2738 EXPLOITDB perl WORKING POC
Xoops Glossaire Module < 1.7 - SQL Injection via sid Parameter
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
CVE-2007-1974 EXPLOITDB html WORKING POC
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
CVE-2007-1846 EXPLOITDB perl WORKING POC
Xoops MyAds Module < 2.04 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
CVE-2007-1814 EXPLOITDB perl WORKING POC
Xoops Core Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
CVE-2007-1805 EXPLOITDB html WORKING POC
debaser < 0.92 - SQL Injection via genreid Parameter
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.
CVE-2007-2370 EXPLOITDB perl WORKING POC
John Mordo Jobs < 2.4 - SQL Injection
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
CVE-2007-1807 EXPLOITDB perl WORKING POC
myAlbum-P < 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1979 EXPLOITDB html WORKING POC
xoops_popnupblog < 2.52 - SQL Injection via postid Parameter
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
CVE-2007-2737 EXPLOITDB perl WORKING POC
MyConference 1.0 for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1816 EXPLOITDB perl WORKING POC
Tutoriais module for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1815 EXPLOITDB perl WORKING POC
Xoops Library Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-1810 EXPLOITDB perl WORKING POC
Kshop < 1.17 - SQL Injection via product_details.php id Parameter
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0569 EXPLOITDB text WORKING POC
xNews 1.3 - SQL Injection via id Parameter
SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.
CVE-2006-3176 EXPLOITDB perl WORKING POC
xaran_cms 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3311 EXPLOITDB perl WORKING POC
Xoops Articles Module < 1.02 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1808 EXPLOITDB perl WORKING POC
Camportail < 1.1 - SQL Injection via show.php camid Parameter
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.
CVE-2007-1838 EXPLOITDB perl WORKING POC
Xoops Friendfinder Module < 3.3 - SQL Injection via id Parameter
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1813 EXPLOITDB perl WORKING POC
eCal 2.24 and earlier - SQL Injection via katid Parameter
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
CVE-2007-1025 EXPLOITDB html WORKING POC
VS-Link-Partner < 2.1 - Remote File Inclusion via gb_pfad Parameter
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
CVE-2007-1017 EXPLOITDB html WORKING POC
VirtualSystem VS-News-System < 1.2.1 - RCE
PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.
CVE-2006-5514 EXPLOITDB text WORKING POC
Web Group Communication Center < 0.5.6b - SQL Injection via quiz.php qzid Parameter
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
CVE-2007-3939 EXPLOITDB html WORKING POC
SpoonLabs Vivvo Article Management CMS < 3.40 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2005-3952 EXPLOITDB perl WORKING POC
PHP Labs Top Auction - SQL Injection via Category or Type Parameter
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.
CVE-2007-0226 EXPLOITDB text WRITEUP
uniForum < 4 - SQL Injection via TXbyuser Parameter
SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).